cybernews

fuite de donnée enregistrée

Latest News


CVE-2025-8748 - MiR Command Injection Vulnerability

CVE ID : CVE-2025-8748
Published : Aug. 8, 2025, 11:15 a.m. | 39 minutes ago
Description : MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 11:15:00 GMT

read more

CVE-2025-48913 - Apache CXF JMS Untrusted Configuration RCE

CVE ID : CVE-2025-48913
Published : Aug. 8, 2025, 10:15 a.m. | 1 hour, 40 minutes ago
Description : If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 10:15:00 GMT

read more

CVE-2025-53606 - Apache Seata (incubating) Deserialization of Untrusted Data Remote Code Execution

CVE ID : CVE-2025-53606
Published : Aug. 8, 2025, 10:15 a.m. | 1 hour, 40 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 10:15:00 GMT

read more

CVE-2025-6572 - OpenStreetMap for Gutenberg WPBakery Page Builder Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6572
Published : Aug. 8, 2025, 6:15 a.m. | 5 hours, 40 minutes ago
Description : The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 06:15:00 GMT

read more

CVE-2025-54940 - WordPress Advanced Custom Fields HTML Injection Vulnerability

CVE ID : CVE-2025-54940
Published : Aug. 8, 2025, 5:15 a.m. | 6 hours, 39 minutes ago
Description : An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 05:15:00 GMT

read more

CVE-2025-54958 - Powered BLUE OS Command Injection Vulnerability

CVE ID : CVE-2025-54958
Published : Aug. 8, 2025, 5:15 a.m. | 6 hours, 39 minutes ago
Description : Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary OS commands may be executed on the affected product.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 05:15:00 GMT

read more

CVE-2025-54959 - BLUE Server File Traversal Vulnerability

CVE ID : CVE-2025-54959
Published : Aug. 8, 2025, 5:15 a.m. | 6 hours, 39 minutes ago
Description : Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. If this vulnerability is exploited, an arbitrary file in the affected product may be disclosed.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 05:15:00 GMT

read more

CVE-2024-58256 - EnzoH OS Command Injection Vulnerability

CVE ID : CVE-2024-58256
Published : Aug. 8, 2025, 4:16 a.m. | 7 hours, 39 minutes ago
Description : EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 04:16:00 GMT

read more

CVE-2024-58257 - EnzoH OS Command Injection

CVE ID : CVE-2024-58257
Published : Aug. 8, 2025, 4:16 a.m. | 7 hours, 39 minutes ago
Description : EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 04:16:00 GMT

read more

CVE-2024-58255 - EnzoH OS Command Injection Vulnerability

CVE ID : CVE-2024-58255
Published : Aug. 8, 2025, 4:15 a.m. | 7 hours, 39 minutes ago
Description : EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 04:15:00 GMT

read more

CVE-2025-8707 - Huuge Box App Improper Android Application Component Export Vulnerability

CVE ID : CVE-2025-8707
Published : Aug. 8, 2025, 3:15 a.m. | 8 hours, 40 minutes ago
Description : A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the component com.huuge.game.zjbox. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 03:15:00 GMT

read more

CVE-2025-8708 - Antabot White-Jotter Deserialization Vulnerability

CVE ID : CVE-2025-8708
Published : Aug. 8, 2025, 3:15 a.m. | 8 hours, 40 minutes ago
Description : A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipulation with the input EVANNIGHTLY_WAOU leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 03:15:00 GMT

read more

CVE-2025-8706 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8706
Published : Aug. 8, 2025, 2:15 a.m. | 9 hours, 40 minutes ago
Description : A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy Overview Module. The manipulation of the argument MM_MenID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 02:15:00 GMT

read more

CVE-2025-54793 - Astro Open Redirect Vulnerability

CVE ID : CVE-2025-54793
Published : Aug. 8, 2025, 1:15 a.m. | 10 hours, 40 minutes ago
Description : Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs such as https://mydomain.com//malicious-site.com/. This increases the risk of phishing and other social engineering attacks. This affects sites that use on-demand rendering (SSR) with the Node or Cloudflare adapters. It does not affect static sites, or sites deployed to Netlify or Vercel. This issue is fixed in version 5.12.8. To work around this issue at the network level, block outgoing redirect responses with a Location header value that starts with `//`.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-54886 - Skops Remote Code Execution Vulnerability

CVE ID : CVE-2025-54886
Published : Aug. 8, 2025, 1:15 a.m. | 10 hours, 40 minutes ago
Description : skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to prevent arbitrary code execution. The Card.get_model function supports both joblib and skops for model loading. When loading .skops models, it uses skops' secure loading with trusted type validation, raising errors for untrusted types unless explicitly allowed. However, when non-.zip file formats are provided, the function silently falls back to joblib without warning. Unlike skops, joblib allows arbitrary code execution during loading, bypassing security measures and potentially enabling malicious code execution. This issue is fixed in version 0.13.0.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-54887 - jwe JSON Web Encryption Authentication Tag Brute Force Vulnerability

CVE ID : CVE-2025-54887
Published : Aug. 8, 2025, 1:15 a.m. | 10 hours, 40 minutes ago
Description : jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if they do not use an AES-GCM encryption algorithm for their JWEs. As the GHASH key may have been leaked, users must rotate the encryption keys after upgrading. This issue is fixed in version 1.1.1.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-8703 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8703
Published : Aug. 8, 2025, 1:15 a.m. | 10 hours, 40 minutes ago
Description : A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. The manipulation of the argument energyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-8704 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection

CVE ID : CVE-2025-8704
Published : Aug. 8, 2025, 1:15 a.m. | 10 hours, 40 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulation of the argument resultId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-8705 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8705
Published : Aug. 8, 2025, 1:15 a.m. | 10 hours, 40 minutes ago
Description : A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Module. The manipulation of the argument BP_ProID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 01:15:00 GMT

read more

CVE-2025-54368 - "uv ZIP Archive Extraction Vulnerability"

CVE ID : CVE-2025-54368
Published : Aug. 8, 2025, 12:15 a.m. | 11 hours, 40 minutes ago
Description : uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. An attacker could also contrive a "stacked" ZIP input with multiple internal ZIPs, which would be handled differently by different package installers. The attacker could choose which installer to target in both scenarios. This issue is fixed in version 0.8.6. To work around this issue, users may choose to set UV_INSECURE_NO_ZIP_VALIDATION=1 to revert to the previous behavior.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 00:15:00 GMT

read more

CVE-2025-54952 - ExecuTorch Integer Overflow Code Execution Vulnerability

CVE ID : CVE-2025-54952
Published : Aug. 8, 2025, 12:15 a.m. | 11 hours, 40 minutes ago
Description : An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 00:15:00 GMT

read more

CVE-2025-8702 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8702
Published : Aug. 8, 2025, 12:15 a.m. | 11 hours, 40 minutes ago
Description : A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 08 Aug 2025 00:15:00 GMT

read more

CVE-2025-54949 - ExecuTorch Heap Buffer Overflow Vulnerability

CVE ID : CVE-2025-54949
Published : Aug. 7, 2025, 11:15 p.m. | 12 hours, 40 minutes ago
Description : A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-54950 - Oracle ExecuTorch Out-of-Bounds Access Code Execution

CVE ID : CVE-2025-54950
Published : Aug. 7, 2025, 11:15 p.m. | 12 hours, 40 minutes ago
Description : An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-54951 - ExecuTorch Buffer Overflow Vulnerabilities

CVE ID : CVE-2025-54951
Published : Aug. 7, 2025, 11:15 p.m. | 12 hours, 40 minutes ago
Description : A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-30405 - ExecuTorch Integer Overflow Code Execution Vulnerability

CVE ID : CVE-2025-30405
Published : Aug. 7, 2025, 11:15 p.m. | 12 hours, 2 minutes ago
Description : An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-30404 - Apache ExecuTorch Integer Overflow Code Execution

CVE ID : CVE-2025-30404
Published : Aug. 7, 2025, 11:15 p.m. | 10 hours, 33 minutes ago
Description : An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 23:15:00 GMT

read more

CVE-2025-54787 - SuiteCRM Unauthenticated File Download Vulnerability

CVE ID : CVE-2025-54787
Published : Aug. 7, 2025, 10:15 p.m. | 11 hours, 33 minutes ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he discovers a valid file-ID. Valid IDs could be brute-forced, but this is quite time-consuming as the file-IDs are usually UUIDs. This issue is fixed in version 7.14.7.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 22:15:00 GMT

read more

CVE-2025-53787 - Microsoft 365 Copilot BizChat Sensitive Data Exposure

CVE ID : CVE-2025-53787
Published : Aug. 7, 2025, 9:15 p.m. | 8 hours, 3 minutes ago
Description : Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-53792 - Azure Portal Unauthenticated Remote Command Injection

CVE ID : CVE-2025-53792
Published : Aug. 7, 2025, 9:15 p.m. | 8 hours, 3 minutes ago
Description : Azure Portal Elevation of Privilege Vulnerability
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-8698 - Open5GS AMF Service Assertion Vulnerability

CVE ID : CVE-2025-8698
Published : Aug. 7, 2025, 9:15 p.m. | 8 hours, 3 minutes ago
Description : A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The name of the patch is 66bc558e417e70ae216ec155e4e81c14ae0ecf30. It is recommended to apply a patch to fix this issue.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-8701 - Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE ID : CVE-2025-8701
Published : Aug. 7, 2025, 9:15 p.m. | 8 hours, 3 minutes ago
Description : A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OL_OprationLog/GetPageList. The manipulation of the argument optUser leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-45765 - Apache Ruby-JWT Weak Encryption Vulnerability

CVE ID : CVE-2025-45765
Published : Aug. 7, 2025, 9:15 p.m. | 6 hours, 22 minutes ago
Description : ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-53767 - Azure OpenAI Privilege Escalation

CVE ID : CVE-2025-53767
Published : Aug. 7, 2025, 9:15 p.m. | 6 hours, 22 minutes ago
Description : Azure OpenAI Elevation of Privilege Vulnerability
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-53774 - Microsoft 365 Copilot BizChat Unauthenticated Data Exposure

CVE ID : CVE-2025-53774
Published : Aug. 7, 2025, 9:15 p.m. | 6 hours, 22 minutes ago
Description : Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-26513 - EMC SAN Host Utilities Privilege Escalation Vulnerability

CVE ID : CVE-2025-26513
Published : Aug. 7, 2025, 9:15 p.m. | 6 hours, 3 minutes ago
Description : The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 21:15:00 GMT

read more

CVE-2025-48709 - BMC Control-M Cleartext Credentials Exposure Vulnerability

CVE ID : CVE-2025-48709
Published : Aug. 7, 2025, 8:15 p.m. | 7 hours, 3 minutes ago
Description : An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47183 - GStreamer Isomp4 Information Disclosure

CVE ID : CVE-2025-47183
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47219 - GStreamer isomp4 Information Disclosure Vulnerability

CVE ID : CVE-2025-47219
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47806 - GStreamer Subparse Buffer Overflow

CVE ID : CVE-2025-47806
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47807 - GStreamer Subparse NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-47807
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-47808 - GStreamer Subparse NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-47808
Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago
Description : In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 20:15:00 GMT

read more

CVE-2025-7195 - Operator-SDK Insecure User Setup Permissions Vulnerability

CVE ID : CVE-2025-7195
Published : Aug. 7, 2025, 7:15 p.m. | 5 hours, 34 minutes ago
Description : Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-8697 - AgentUniverse MCPSessionManager/MCPTool/MCPToolkit Os Command Injection Vulnerability

CVE ID : CVE-2025-8697
Published : Aug. 7, 2025, 7:15 p.m. | 5 hours, 34 minutes ago
Description : A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-50675 - GPMAW Unprivileged Privilege Escalation Vulnerability

CVE ID : CVE-2025-50675
Published : Aug. 7, 2025, 7:15 p.m. | 3 hours, 33 minutes ago
Description : GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-50692 - FoxCMS Remote Code Execution Vulnerability

CVE ID : CVE-2025-50692
Published : Aug. 7, 2025, 7:15 p.m. | 3 hours, 33 minutes ago
Description : FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-51533 - Sage DPW IDOR Vulnerability

CVE ID : CVE-2025-51533
Published : Aug. 7, 2025, 7:15 p.m. | 3 hours, 33 minutes ago
Description : An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2025-55077 - Tyler Technologies ERP Pro 9 SaaS Privilege Escalation Command Injection

CVE ID : CVE-2025-55077
Published : Aug. 7, 2025, 7:15 p.m. | 3 hours, 33 minutes ago
Description : Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 19:15:00 GMT

read more

CVE-2023-41530 - "MediCare SQL Injection"

CVE ID : CVE-2023-41530
Published : Aug. 7, 2025, 6:15 p.m. | 4 hours, 33 minutes ago
Description : Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41531 - Hospital Management System SQL Injection Vulnerability

CVE ID : CVE-2023-41531
Published : Aug. 7, 2025, 6:15 p.m. | 4 hours, 33 minutes ago
Description : Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41532 - Medicore Hospital Management System SQL Injection

CVE ID : CVE-2023-41532
Published : Aug. 7, 2025, 6:15 p.m. | 4 hours, 33 minutes ago
Description : Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2025-51629 - Eccobook PdfViewer XSS

CVE ID : CVE-2025-51629
Published : Aug. 7, 2025, 6:15 p.m. | 4 hours, 33 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41521 - SAM System SQL Injection Vulnerability

CVE ID : CVE-2023-41521
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41522 - SAMSS SQL Injection Vulnerability

CVE ID : CVE-2023-41522
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41523 - SAMSS SQL Injection

CVE ID : CVE-2023-41523
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41524 - SAM System SQL Injection

CVE ID : CVE-2023-41524
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41525 - MedCare Hospital Management System SQL Injection

CVE ID : CVE-2023-41525
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41526 - "MediCare Hospital Management System SQL Injection Vulnerability"

CVE ID : CVE-2023-41526
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41527 - Medcare Hospital Management System SQL Injection

CVE ID : CVE-2023-41527
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41528 - "MediCare SQL Injection Vulnerability"

CVE ID : CVE-2023-41528
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41529 - "MediSys Hospital Management System Cross-Site Scripting Vulnerability"

CVE ID : CVE-2023-41529
Published : Aug. 7, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-40992 - Apache Hospital Management System SQL Injection Vulnerability

CVE ID : CVE-2023-40992
Published : Aug. 7, 2025, 6:15 p.m. | 1 hour, 16 minutes ago
Description : Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41519 - SAM System Cross-Site Scripting Vulnerability

CVE ID : CVE-2023-41519
Published : Aug. 7, 2025, 6:15 p.m. | 1 hour, 16 minutes ago
Description : Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2023-41520 - SAM System SQL Injection Vulnerability

CVE ID : CVE-2023-41520
Published : Aug. 7, 2025, 6:15 p.m. | 1 hour, 16 minutes ago
Description : Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 18:15:00 GMT

read more

CVE-2025-54397 - Netwrix Directory Manager Information Disclosure Vulnerability

CVE ID : CVE-2025-54397
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 16 minutes ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-55137 - Apache LinkJoin Authentication Bypass

CVE ID : CVE-2025-55137
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 16 minutes ago
Description : LinkJoin through 882f196 mishandles lacks type checking in password reset.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-55138 - LinkJoin Password Reset Token Ownership Vulnerability

CVE ID : CVE-2025-55138
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 16 minutes ago
Description : LinkJoin through 882f196 mishandles token ownership in password reset.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34152 - "Aitemi M300 Wi-Fi Repeater OS Command Injection"

CVE ID : CVE-2025-34152
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54392 - Netwrix Directory Manager Cross-Site Scripting

CVE ID : CVE-2025-54392
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54393 - Netwrix Directory Manager Static Code Injection Vulnerability

CVE ID : CVE-2025-54393
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54394 - Netwrix Directory Manager Insufficiently Protected Credentials Vulnerability

CVE ID : CVE-2025-54394
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54395 - Netwrix Directory Manager XSS Vulnerability

CVE ID : CVE-2025-54395
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-54396 - Netwrix Directory Manager SQL Injection

CVE ID : CVE-2025-54396
Published : Aug. 7, 2025, 5:15 p.m. | 2 hours, 1 minute ago
Description : Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2024-42048 - OpenOrange Business Framework Privilege Escalation

CVE ID : CVE-2024-42048
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : OpenOrange Business Framework 1.15.5 provides unprivileged users with write access to the installation directory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-24000 - WPExperts Post SMTP Authentication Bypass

CVE ID : CVE-2025-24000
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in WPExperts Post SMTP allows Authentication Bypass.This issue affects Post SMTP: from n/a through 3.2.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34148 - Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection Vulnerability

CVE ID : CVE-2025-34148
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root, resulting in full device compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34149 - Shenzhen Aitemi M300 Wi-Fi Repeater WPA2 Command Injection

CVE ID : CVE-2025-34149
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34150 - Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Command Injection Vulnerability

CVE ID : CVE-2025-34150
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2025-34151 - Shenzhen Aitemi M300 Wi-Fi Repeater Command Injection Vulnerability

CVE ID : CVE-2025-34151
Published : Aug. 7, 2025, 5:15 p.m. | 16 minutes ago
Description : A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 17:15:00 GMT

read more

CVE-2024-56339 - IBM WebSphere Application Server Bypass of Security Restrictions Vulnerability

CVE ID : CVE-2024-56339
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-44779 - Ollama File Deletion Remote Code Execution

CVE ID : CVE-2025-44779
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-47907 - Apache Cassandra Rows QueryLogic Race Condition

CVE ID : CVE-2025-47907
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-55133 - Agora Foundation Agora Cross-Site Scripting (XSS)

CVE ID : CVE-2025-55133
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-55134 - "Agora Foundation Agora XSS Injection Vulnerability"

CVE ID : CVE-2025-55134
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-55135 - Agora Foundation Agora XSS via SVG Profile Picture

CVE ID : CVE-2025-55135
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-55136 - ERC Insecure Deserialization Vulnerability

CVE ID : CVE-2025-55136
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a serialized object because jsonpickle is used.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-7054 - Cloudflare Quiche Infinite QUIC Connection ID Retirement Loop Vulnerability

CVE ID : CVE-2025-7054
Published : Aug. 7, 2025, 4:15 p.m. | 1 hour, 16 minutes ago
Description : Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Once the QUIC handshake completes, a local endpoint is responsible for issuing and retiring Connection IDs that are used by the remote peer to populate the Destination Connection ID field in packets sent from remote to local. Each Connection ID has a sequence number to ensure synchronization between peers. An unauthenticated remote attacker can exploit this vulnerability by first completing a handshake and then sending a specially-crafted set of frames that trigger a connection ID retirement in the victim. When the victim attempts to send a packet containing RETIRE_CONNECTION_ID frames, Section 19.16 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-19.6 requires that the sequence number of the retired connection ID must not be the same as the sequence number of the connection ID used by the packet. In other words, a packet cannot contain a frame that retires itself. In scenarios such as path migration, it is possible for there to be multiple active paths with different active connection IDs that could be used to retire each other. The exploit triggered an unintentional behaviour of a quiche design feature that supports retirement across paths while maintaining full connection ID synchronization, leading to an infinite loop.This issue affects quiche: from 0.15.0 before 0.24.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 16:15:00 GMT

read more

CVE-2025-47188 - Mitel SIP Phones Command Injection Vulnerability

CVE ID : CVE-2025-47188
Published : Aug. 7, 2025, 3:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the phone, leading to disclosure or modification of sensitive configuration data or affecting device availability and operation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 15:15:00 GMT

read more

CVE-2025-50952 - OpenJPEG NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-50952
Published : Aug. 7, 2025, 3:15 p.m. | 2 hours, 16 minutes ago
Description : openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 15:15:00 GMT

read more

CVE-2024-52680 - EyouCMS Cross Site Scripting Vulnerability

CVE ID : CVE-2024-52680
Published : Aug. 7, 2025, 2:15 p.m. | 3 hours ago
Description : EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 14:15:00 GMT

read more

CVE-2024-55401 - 4C Strategies Exonaut Directory Traversal Vulnerability

CVE ID : CVE-2024-55401
Published : Aug. 7, 2025, 2:15 p.m. | 3 hours ago
Description : An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 14:15:00 GMT

read more

CVE-2025-8533 - Fantastical XPC Services Unauthenticated Remote Code Execution

CVE ID : CVE-2025-8533
Published : Aug. 7, 2025, 10:15 a.m. | 7 hours ago
Description : A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could connect to the XPC service and access its methods. This issue has been resolved in version 4.0.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 10:15:00 GMT

read more

CVE-2025-29866 - TAGFREE X-Free Uploader Path Traversal Vulnerability

CVE ID : CVE-2025-29866
Published : Aug. 7, 2025, 6:15 a.m. | 11 hours ago
Description : : External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows : Parameter Injection.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 06:15:00 GMT

read more

CVE-2025-35970 - SEIKO EPSON and FUJIFILM SNMP Guessable Administrator Password Vulnerability

CVE ID : CVE-2025-35970
Published : Aug. 7, 2025, 6:15 a.m. | 11 hours ago
Description : On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 06:15:00 GMT

read more

CVE-2025-32094 - Akamai Ghost HTTP Request Smuggling Vulnerability

CVE ID : CVE-2025-32094
Published : Aug. 7, 2025, 5:15 a.m. | 12 hours ago
Description : An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 05:15:00 GMT

read more

CVE-2025-29865 - TAGFREE X-Free Uploader Path Traversal Vulnerability

CVE ID : CVE-2025-29865
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8576 - "Google Chrome Extensions Use After Free Heap Corruption Vulnerability"

CVE ID : CVE-2025-8576
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8577 - Google Chrome Picture In Picture UI Spoofing Vulnerability

CVE ID : CVE-2025-8577
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8578 - Google Chrome Use After Free Heap Corruption Vulnerability

CVE ID : CVE-2025-8578
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8579 - Google Chrome Picture In Picture UI Spoofing Vulnerability

CVE ID : CVE-2025-8579
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8580 - Google Chrome Filesystems UI Spoofing Vulnerability

CVE ID : CVE-2025-8580
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8581 - Google Chrome Extensions Cross-Origin Data Leakage

CVE ID : CVE-2025-8581
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8582 - Google Chrome URL Bar Spoofing Vulnerability

CVE ID : CVE-2025-8582
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-8583 - Google Chrome Permissions UI Spoofing Vulnerability

CVE ID : CVE-2025-8583
Published : Aug. 7, 2025, 2:15 a.m. | 15 hours ago
Description : Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 02:15:00 GMT

read more

CVE-2025-3770 - EDK2 BIOS Bootkit Execution

CVE ID : CVE-2025-3770
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54783 - SuiteCRM Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-54783
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include some arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but allow the JavaScript code to execute. This is fixed in version 7.14.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54784 - SuiteCRM Cross Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-54784
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance. By simply viewing emails as the logged-in user, the payload can be triggered. With that, an attacker is able to run arbitrary actions as the logged-in user - like extracting data, or if it is an admin executing the payload, takeover the instance. This is fixed in versions 7.14.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54798 - tmp Node.js Symbolic Link Directory Write Vulnerability

CVE ID : CVE-2025-54798
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54799 - Lego ACME Library HTTP to HTTPS Enforcement Weakness

CVE ID : CVE-2025-54799
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME challenge over unencrypted HTTP, the ACME protocol requires HTTPS when a client communicates with the CA to performs ACME functions. However, the library fails to enforce HTTPS both in the original discover URL (configured by the library user) and in the subsequent addresses returned by the CAs in the directory and order objects. If users input HTTP URLs or CAs misconfigure endpoints, protocol operations occur over HTTP instead of HTTPS. This compromises privacy by exposing request/response details like account and request identifiers to network attackers. This was fixed in version 4.25.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54882 - Microsoft Azure Entra ID and Intune Himmelblau World Readable Kerberos Credential Cache

CVE ID : CVE-2025-54882
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54885 - Thinbus Javascript Secure Remote Password SRP6a Protocol Compliance Bug

CVE ID : CVE-2025-54885
Published : Aug. 7, 2025, 1:15 a.m. | 14 hours, 49 minutes ago
Description : Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime (defaulted to 2048 bits). The client public value is being generated from a private value that is 4 bits below the specification. This reduces the protocol's designed security margin it is now practically exploitable. The servers full sized 2048 bit random number is used to create the shared session key and password proof. This is fixed in version 2.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 01:15:00 GMT

read more

CVE-2025-54788 - SuiteCRM InboundEmail SQL Injection Vulnerability

CVE ID : CVE-2025-54788
Published : Aug. 7, 2025, 12:15 a.m. | 15 hours, 49 minutes ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on confidentiality, integrity, and availability, as database data can be retrieved, modified, or removed entirely. This issue is fixed in version 7.14.7.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 00:15:00 GMT

read more

CVE-2025-54785 - SuiteCRM PHP Object Injection Vulnerability

CVE ID : CVE-2025-54785
Published : Aug. 7, 2025, 12:15 a.m. | 15 hours ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 00:15:00 GMT

read more

CVE-2025-54786 - SuiteCRM Broken Authentication in iCal Service

CVE ID : CVE-2025-54786
Published : Aug. 7, 2025, 12:15 a.m. | 15 hours ago
Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 07 Aug 2025 00:15:00 GMT

read more

CVE-2023-3194 - CVE-2022-1234: Apache Struts Remote Code Execution

CVE ID : CVE-2023-3194
Published : Aug. 6, 2025, 11:15 p.m. | 14 hours, 15 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 23:15:00 GMT

read more

CVE-2025-8086 - Apache HTTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-8086
Published : Aug. 6, 2025, 11:15 p.m. | 14 hours, 15 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 23:15:00 GMT

read more

CVE-2025-7770 - Tigo Energy CCA Predictable Session ID Vulnerability

CVE ID : CVE-2025-7770
Published : Aug. 6, 2025, 9:15 p.m. | 11 hours, 59 minutes ago
Description : Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requirements for certain commands, this enables unauthorized access to sensitive device functions on connected solar optimization systems.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-7768 - Tigo Energy CCA Hard-Coded Credentials Vulnerability

CVE ID : CVE-2025-7768
Published : Aug. 6, 2025, 9:15 p.m. | 8 hours, 32 minutes ago
Description : Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-7769 - Tigo Energy CCA Command Injection Vulnerability

CVE ID : CVE-2025-7769
Published : Aug. 6, 2025, 9:15 p.m. | 8 hours, 32 minutes ago
Description : Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary commands on the device that could cause potential unauthorized access, service disruption, and data exposure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-6634 - Autodesk 3ds Max Memory Corruption Vulnerability

CVE ID : CVE-2025-6634
Published : Aug. 6, 2025, 9:15 p.m. | 7 hours, 59 minutes ago
Description : A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51052 - Vedo Suite Path Traversal Vulnerability

CVE ID : CVE-2025-51052
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51053 - Vedo Suite Cross-site Scripting (XSS)

CVE ID : CVE-2025-51053
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51054 - Vedo Suite Authentication Bypass

CVE ID : CVE-2025-51054
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51055 - Vedo Suite Insecure Data Storage Vulnerability

CVE ID : CVE-2025-51055
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51056 - Vedo Suite Unrestricted File Upload RCE

CVE ID : CVE-2025-51056
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51057 - Vedo Suite LFI Vulnerability

CVE ID : CVE-2025-51057
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-51058 - Bottinelli Informatical Vedo Suite SSRF

CVE ID : CVE-2025-51058
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-6632 - Autodesk 3ds Max Out-of-Bounds Read

CVE ID : CVE-2025-6632
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-6633 - Autodesk 3ds Max Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-6633
Published : Aug. 6, 2025, 9:15 p.m. | 4 hours, 15 minutes ago
Description : A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2024-55398 - 4C Strategies Exonaut Insecure Permissions Vulnerability

CVE ID : CVE-2024-55398
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2024-55399 - 4C Strategies Exonaut SSRF

CVE ID : CVE-2024-55399
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2024-55402 - 4C Strategies Exonaut Authentication Bypass Vulnerability

CVE ID : CVE-2024-55402
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-46660 - 4C Strategies Exonaut Hashing Without Salt Vulnerability

CVE ID : CVE-2025-46660
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-47908 - Apache Middleware Denial of Service Vulnerability

CVE ID : CVE-2025-47908
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-50740 - AutoConnect Arduino Library XSS Vulnerability

CVE ID : CVE-2025-50740
Published : Aug. 6, 2025, 9:15 p.m. | 1 hour, 59 minutes ago
Description : AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 21:15:00 GMT

read more

CVE-2025-38746 - Dell SupportAssist OS Recovery Exposure of Sensitive Information to an Unauthorized Actor

CVE ID : CVE-2025-38746
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-38747 - Dell SupportAssist Elevation of Privileges Vulnerability

CVE ID : CVE-2025-38747
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-45764 - jsrsasign RSA Key Encryption Weakness

CVE ID : CVE-2025-45764
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : jsrsasign v11.1.0 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-45766 - Poco Weak Encryption Vulnerability

CVE ID : CVE-2025-45766
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : poco v1.14.1-release was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-46659 - "4C Strategies Exonaut External HTTPS Information Disclosure"

CVE ID : CVE-2025-46659
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-51624 - Zone Bitaqati Cross-Site Scripting (XSS)

CVE ID : CVE-2025-51624
Published : Aug. 6, 2025, 8:15 p.m. | 2 hours, 59 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 20:15:00 GMT

read more

CVE-2025-8130 - Apache Struts Command Injection Vulnerability

CVE ID : CVE-2025-8130
Published : Aug. 6, 2025, 7:15 p.m. | 2 hours, 11 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 19:15:00 GMT

read more

CVE-2025-8667 - SkyworkAI DeepResearchAgent OS Command Injection Vulnerability

CVE ID : CVE-2025-8667
Published : Aug. 6, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 18:15:00 GMT

read more

CVE-2025-20215 - Cisco Webex Meetings Unauthenticated Meeting-Join Vulnerability

CVE ID : CVE-2025-20215
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-20331 - Cisco ISE/Cisco ISE-PIC Stored XSS Vulnerability

CVE ID : CVE-2025-20331
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on the affected device.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-20332 - Cisco ISE HTTP Request Forgery (Remote Code Execution)

CVE ID : CVE-2025-20332
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify descriptions of files on a specific page. To exploit this vulnerability, an attacker would need valid read-only Administrator credentials.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-30127 - Marbella KR8s Dashcam FF Information Disclosure and File Access Vulnerability

CVE ID : CVE-2025-30127
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-8419 - Keycloak SMTP Injection Vulnerability

CVE ID : CVE-2025-8419
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2025-8665 - Agno-agi Agno Os Command Injection Vulnerability

CVE ID : CVE-2025-8665
Published : Aug. 6, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 17:15:00 GMT

read more

CVE-2024-8244 - Go filepath Symbolic Link TOCTOU

CVE ID : CVE-2024-8244
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-48393 - Eaton Firmware Man-in-the-Middle Attack Vulnerability

CVE ID : CVE-2025-48393
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest version which is available on the Eaton download center.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-48394 - Eaton File Traversal Vulnerability

CVE ID : CVE-2025-48394
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-51531 - Sage DPW Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-51531
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024.12.003 allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injcting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. This is fixed in Halbjahresversion 2024_12_004.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-51532 - Sage DPW Unauthenticated Access Control Bypass Vulnerability

CVE ID : CVE-2025-51532
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : Incorrect access control in Sage DPW v2024.12.003 allows unauthorized attackers to access the built-in Database Monitor via a crafted request. This is fixed in Halbjahresversion 2024_12_004.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-53786 - Microsoft Exchange Server Hybrid Deployment Authentication Bypass Vulnerability

CVE ID : CVE-2025-53786
Published : Aug. 6, 2025, 4:15 p.m. | 5 hours, 11 minutes ago
Description : On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 16:15:00 GMT

read more

CVE-2025-50234 - MCCMS SSRF Flaw

CVE ID : CVE-2025-50234
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc_Encryption_Key (bD2voYwPpNuJ7B8), defined in the db.php file. The decrypted URL is passed to the geturl() method, which uses cURL to make a request to the URL without proper security checks. An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerability includes accessing internal services and local file systems through protocols like http://, ftp://, and file://, which can result in sensitive data leakage, remote code execution, privilege escalation, or full system compromise, severely affecting the system's security and stability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-50286 - Grav CMS Remote Code Execution

CVE ID : CVE-2025-50286
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-51040 - Electrolink FM/DAB/TV Transmitter Web Unauthorized Access

CVE ID : CVE-2025-51040
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-51306 - Gatling Enterprise Session Token Expired

CVE ID : CVE-2025-51306
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-51308 - Gatling Enterprise Information Disclosure Vulnerability

CVE ID : CVE-2025-51308
Published : Aug. 6, 2025, 3:15 p.m. | 6 hours, 11 minutes ago
Description : In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2024-52885 - Fortinet Mobile Access Portal Directory Traversal Vulnerability

CVE ID : CVE-2024-52885
Published : Aug. 6, 2025, 3:15 p.m. | 4 hours, 8 minutes ago
Description : The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-2028 - Apache Log4j Country Flag IP Information Disclosure

CVE ID : CVE-2025-2028
Published : Aug. 6, 2025, 3:15 p.m. | 4 hours, 8 minutes ago
Description : Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-36020 - IBM Guardium Data Protection Cleartext Credential Disclosure

CVE ID : CVE-2025-36020
Published : Aug. 6, 2025, 3:15 p.m. | 4 hours, 8 minutes ago
Description : IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-50233 - QCMS File Inclusion Vulnerability

CVE ID : CVE-2025-50233
Published : Aug. 6, 2025, 3:15 p.m. | 4 hours, 8 minutes ago
Description : A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 15:15:00 GMT

read more

CVE-2025-3320 - IBM Tivoli Monitoring Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-3320
Published : Aug. 6, 2025, 2:15 p.m. | 5 hours, 8 minutes ago
Description : IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 14:15:00 GMT

read more

CVE-2025-3354 - IBM Tivoli Monitoring Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-3354
Published : Aug. 6, 2025, 2:15 p.m. | 5 hours, 8 minutes ago
Description : IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 14:15:00 GMT

read more

CVE-2025-8616 - OpenText Advanced Authentication Browser Plugin Authentication Bypass

CVE ID : CVE-2025-8616
Published : Aug. 6, 2025, 2:15 p.m. | 5 hours, 8 minutes ago
Description : A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 14:15:00 GMT

read more

CVE-2025-23325 - NVIDIA Triton Inference Server Recursion Denial of Service

CVE ID : CVE-2025-23325
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23326 - NVIDIA Triton Inference Server Integer Overflow Denial of Service

CVE ID : CVE-2025-23326
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23327 - NVIDIA Triton Inference Server Integer Overflow Vulnerability

CVE ID : CVE-2025-23327
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23331 - NVIDIA Triton Inference Server Denial of Service (DoS)

CVE ID : CVE-2025-23331
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23333 - NVIDIA Triton Inference Server Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-23333
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23334 - NVIDIA Triton Inference Server Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-23334
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23335 - NVIDIA Triton Inference Server Denial of Service Underflow

CVE ID : CVE-2025-23335
Published : Aug. 6, 2025, 1:15 p.m. | 4 hours, 10 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23310 - NVIDIA Triton Inference Server Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-23310
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23311 - NVIDIA Triton Inference Server Stack Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-23311
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23317 - NVIDIA Triton Inference Server HTTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-23317
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23318 - NVIDIA Triton Inference Server Python Backend Out-of-Bounds Write

CVE ID : CVE-2025-23318
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23319 - NVIDIA Triton Inference Server Python Backend Out-of-Bounds Write Remote Code Execution Vulnerability

CVE ID : CVE-2025-23319
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23320 - NVIDIA Triton Inference Server Memory Information Disclosure

CVE ID : CVE-2025-23320
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23321 - NVIDIA Triton Inference Server Divide by Zero Denial of Service

CVE ID : CVE-2025-23321
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23322 - NVIDIA Triton Inference Server Double Free Denial of Service Vulnerability

CVE ID : CVE-2025-23322
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23323 - NVIDIA Triton Inference Server Integer Overflow Denial of Service

CVE ID : CVE-2025-23323
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-23324 - NVIDIA Triton Inference Server Integer Overflow Denial of Service

CVE ID : CVE-2025-23324
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 58 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 13:15:00 GMT

read more

CVE-2025-5197 - Hugging Face Transformers ReDoS Vulnerability

CVE ID : CVE-2025-5197
Published : Aug. 6, 2025, 12:15 p.m. | 2 hours, 58 minutes ago
Description : A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 12:15:00 GMT

read more

CVE-2025-46388 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-46388
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 58 minutes ago
Description : CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46389 - Microsoft Azure Active Directory Password Change

CVE ID : CVE-2025-46389
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 58 minutes ago
Description : CWE-620: Unverified Password Change
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46390 - Apache Web Server HTTP Response Manipulation Vulnerability

CVE ID : CVE-2025-46390
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 58 minutes ago
Description : CWE-204: Observable Response Discrepancy
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46391 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-46391
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 58 minutes ago
Description : CWE-284: Improper Access Control
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46386 - Apache Struts Authentication Bypass

CVE ID : CVE-2025-46386
Published : Aug. 6, 2025, 11:15 a.m. | 1 hour, 41 minutes ago
Description : CWE-639 Authorization Bypass Through User-Controlled Key
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-46387 - Apache Struts SSRF

CVE ID : CVE-2025-46387
Published : Aug. 6, 2025, 11:15 a.m. | 1 hour, 41 minutes ago
Description : CWE-639 Authorization Bypass Through User-Controlled Key
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 11:15:00 GMT

read more

CVE-2025-22469 - Siemens SIMATIC S7-1200 OS Command Injection Vulnerability

CVE ID : CVE-2025-22469
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. An arbitrary OS command may be executed on the system with a certain non-administrative user privilege.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-22470 - Siemens SIMATIC CL4/6NX Plus Lua File Execution Vulnerability

CVE ID : CVE-2025-22470
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-6013 - Vault LDAP MFA Enforcement Weakness

CVE ID : CVE-2025-6013
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-7771 - "ThrottleStop.sys Kernel Memory Access Vulnerability"

CVE ID : CVE-2025-7771
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-8620 - GiveWP Information Exposure Vulnerability

CVE ID : CVE-2025-8620
Published : Aug. 6, 2025, 10:15 a.m. | 2 hours, 41 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 10:15:00 GMT

read more

CVE-2025-7202 - Elgato Key Lights CSRF Vulnerability

CVE ID : CVE-2025-7202
Published : Aug. 6, 2025, 9:15 a.m. | 3 hours, 41 minutes ago
Description : A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 09:15:00 GMT

read more

CVE-2025-8556 - CIRCL FourQ Elliptic Curve Diffie-Hellman Key Exchange Session Compromise

CVE ID : CVE-2025-8556
Published : Aug. 6, 2025, 9:15 a.m. | 3 hours, 41 minutes ago
Description : A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 09:15:00 GMT

read more

CVE-2025-27066 - "Qualcomm Wi-Fi ANQP Message Processing Denial of Service"

CVE ID : CVE-2025-27066
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Transient DOS while processing an ANQP message.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27067 - Intel Graphics Memory Corruption Vulnerability

CVE ID : CVE-2025-27067
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing DDI call with invalid buffer.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27068 - Apache ExoPlayer IOCTL Memory Corruption

CVE ID : CVE-2025-27068
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing an IOCTL command with an arbitrary address.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27069 - Citrix Hypervisor Memory Corruption Vulnerability

CVE ID : CVE-2025-27069
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing DDI command calls.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27071 - Powerline Communication Firmware Buffer Overflow

CVE ID : CVE-2025-27071
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing specific files in Powerline Communication Firmware.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27072 - Cisco EAVB Header Length Information Disclosure Vulnerability

CVE ID : CVE-2025-27072
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Information disclosure while processing a packet at EAVB BE side with invalid header length.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27073 - Cisco Nexus Series: Denial of Service Vulnerability

CVE ID : CVE-2025-27073
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Transient DOS while creating NDP instance.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27075 - Qualcomm Bluetooth Host Memory Corruption Vulnerability

CVE ID : CVE-2025-27075
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27076 - Citrix NetScaler Memory Corruption Vulnerability

CVE ID : CVE-2025-27076
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Memory corruption while processing simultaneous requests via escape path.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-47324 - D-Link Powerline Information Disclosure Vulnerability

CVE ID : CVE-2025-47324
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : Information disclosure while accessing and modifying the PIB file of a remote device via powerline.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-7954 - Shopware Voucher System Race Condition

CVE ID : CVE-2025-7954
Published : Aug. 6, 2025, 8:15 a.m. | 4 hours, 41 minutes ago
Description : A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21465 - Cisco Networking Equipment Information Disclosure

CVE ID : CVE-2025-21465
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Information disclosure while processing the hash segment in an MBN file.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21472 - Citrix eSE Debug Information Disclosure Vulnerability

CVE ID : CVE-2025-21472
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Information disclosure while capturing logs as eSE debug messages are logged.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21473 - Cisco Camera Data Mover (CDM) Register Write Memory Corruption Vulnerability

CVE ID : CVE-2025-21473
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21474 - Samsung Android A2dp Sink Command Queue Memory Corruption Vulnerability

CVE ID : CVE-2025-21474
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Memory corruption while processing commands from A2dp sink command queue.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21477 - Oracle NetWare CCCH Data Handling Denial of Service Vulnerability

CVE ID : CVE-2025-21477
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Transient DOS while processing CCCH data when NW sends data with invalid length.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27062 - Apache Kafka Deserialization Memory Corruption Vulnerability

CVE ID : CVE-2025-27062
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Memory corruption while handling client exceptions, allowing unauthorized channel access.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-27065 - Cisco Security Appliance Denial of Service

CVE ID : CVE-2025-27065
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 35 minutes ago
Description : Transient DOS while processing a frame with malformed shared-key descriptor.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21452 - Nokia LTE Network Transient Denial of Service

CVE ID : CVE-2025-21452
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21455 - Apache HTTP Server Kernel Memory Corruption Vulnerability

CVE ID : CVE-2025-21455
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Memory corruption while submitting blob data to kernel space though IOCTL.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21456 - Microsoft Windows Kernel IOCTL Buffer Overflow

CVE ID : CVE-2025-21456
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21457 - Apache Fasta RPC Information Disclosure Vulnerability

CVE ID : CVE-2025-21457
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Information disclosure while opening a fastrpc session when domain is not sanitized.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21458 - Apache Cassandra Use-After-Free Buffer Overflow

CVE ID : CVE-2025-21458
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21461 - Qualcomm Snapdragon CDM Register Programming Memory Corruption Vulnerability

CVE ID : CVE-2025-21461
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Memory corruption when programming registers through virtual CDM.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-21464 - Apache ImageMagick Out-of-Bounds Read Information Disclosure

CVE ID : CVE-2025-21464
Published : Aug. 6, 2025, 8:15 a.m. | 58 minutes ago
Description : Information disclosure while reading data from an image using specified offset and size parameters.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 08:15:00 GMT

read more

CVE-2025-20990 - Western Digital External Hard Drive Device Node Access Control Vulnerability

CVE ID : CVE-2025-20990
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21010 - SamsungAccount Privilege Escalation Vulnerability

CVE ID : CVE-2025-21010
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21011 - Samsung Galaxy Watch Unauthenticated Sensor Data Exposure

CVE ID : CVE-2025-21011
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to motion and body sensors.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21012 - Samsung Galaxy Watch Fall Detection Access Control Vulnerability

CVE ID : CVE-2025-21012
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21013 - Samsung Galaxy Watch SemSensorManager Access Control Bypass

CVE ID : CVE-2025-21013
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21014 - Android Emergency SoS Component Export Vulnerability

CVE ID : CVE-2025-21014
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21015 - "Acme Document Scanner Path Traversal Vulnerability (Local File Deletion)"

CVE ID : CVE-2025-21015
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21016 - PkgPredictorService Android Improper Access Control Vulnerability

CVE ID : CVE-2025-21016
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21017 - Blockchain Keystore Out-of-bounds Write Vulnerability

CVE ID : CVE-2025-21017
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21018 - Blockchain Keystore OOB Read Vulnerability

CVE ID : CVE-2025-21018
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21019 - Samsung Health Authorization Bypass Vulnerability

CVE ID : CVE-2025-21019
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21020 - Blockchain Keystore OOB Write Vulnerability

CVE ID : CVE-2025-21020
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21021 - Blockchain Keystore Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-21021
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21022 - Galaxy Wearable Information Disclosure Vulnerability

CVE ID : CVE-2025-21022
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21023 - Samsung Galaxy Watch Local File Access Vulnerability

CVE ID : CVE-2025-21023
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-21024 - Android Smart View Implicit Intent Information Disclosure Vulnerability

CVE ID : CVE-2025-21024
Published : Aug. 6, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 05:15:00 GMT

read more

CVE-2025-55023 - Fortinet SSL/TLS Weakness

CVE ID : CVE-2025-55023
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55024 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-55024
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55025 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-55025
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55026 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-55026
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55027 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-55027
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-6994 - Smartdatasoft WordPress Reveal Listing Plugin Privilege Escalation

CVE ID : CVE-2025-6994
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-7399 - "Elementor Stored Cross-Site Scripting in Betheme Theme for WordPress"

CVE ID : CVE-2025-7399
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-7498 - Elementor Exclusive Addons Stored Cross-Site Scripting

CVE ID : CVE-2025-7498
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-8100 - Elementor Addons and Templates Stored Cross-Site Scripting

CVE ID : CVE-2025-8100
Published : Aug. 6, 2025, 4:16 a.m. | 3 hours, 9 minutes ago
Description : The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54640 - Apache Flink Deserialization ParcelMismatch Vulnerability

CVE ID : CVE-2025-54640
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54641 - Apache Kernel Buffer Overflow Vulnerability

CVE ID : CVE-2025-54641
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54642 - Qualcomm Snapdragon kernel gyroscope buffer overflow vulnerability

CVE ID : CVE-2025-54642
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54643 - Apache Ambient Light Module Array Out-of-Bounds Information Disclosure

CVE ID : CVE-2025-54643
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54644 - Apache Ambient Light Kernel Memory Corruption

CVE ID : CVE-2025-54644
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54645 - Apache Location Service Array Index Out-of-Bounds Vulnerability

CVE ID : CVE-2025-54645
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds array access issue due to insufficient data verification in the location service module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54646 - Qualcomm BLE Packet Length Overflow Vulnerability

CVE ID : CVE-2025-54646
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54647 - NearLink SSAP Out-of-bounds Read Vulnerability

CVE ID : CVE-2025-54647
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54648 - NearLink SSAP Out-of-bounds Read Vulnerability

CVE ID : CVE-2025-54648
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54649 - Google Location Service Type Confusion Vulnerability

CVE ID : CVE-2025-54649
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Vulnerability of using incompatible types to access resources in the location service. Impact: Successful exploitation of this vulnerability may cause some location information attributes to be incorrect.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54650 - Cisco Audio Codec Array Index Vulnerability

CVE ID : CVE-2025-54650
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-54651 - HuFS Kernel Race Condition Confidentiality Vulnerability

CVE ID : CVE-2025-54651
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55019 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-55019
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55020 - Apache Struts Deserialization Vulnerability

CVE ID : CVE-2025-55020
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55021 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-55021
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-55022 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-55022
Published : Aug. 6, 2025, 4:16 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 04:16:00 GMT

read more

CVE-2025-8632 - Kenwood DMX958XR Command Injection Root RCE

CVE ID : CVE-2025-8632
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26255.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8633 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8633
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26256.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8634 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8634
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26257.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8635 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8635
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26258.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8636 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8636
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26259.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8637 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8637
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26260.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8638 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8638
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26261.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8639 - Kenwood DMX958XR Root Command Injection Vulnerability

CVE ID : CVE-2025-8639
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26262.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8640 - Kenwood DMX958XR Root Command Injection Vulnerability

CVE ID : CVE-2025-8640
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26263.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8641 - Kenwood DMX958XR Firmware Update Root Command Injection Vulnerability

CVE ID : CVE-2025-8641
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26264.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8642 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8642
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26265.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8643 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8643
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26266.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8644 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8644
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26267.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8645 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8645
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26268.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8646 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8646
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26269.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8647 - Kenwood DMX958XR Firmware Update Command Injection Root RCE

CVE ID : CVE-2025-8647
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26270.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8648 - Kenwood DMX958XR Root Command Injection Vulnerability

CVE ID : CVE-2025-8648
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26271.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8649 - Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8649
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26305.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8650 - Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8650
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26306.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8651 - Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8651
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26307.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8652 - Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8652
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKWifiService. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26311.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8653 - Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-8653
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKRadioService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26312.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8654 - Kenwood DMX958XR Command Injection Remote Code Execution Vulnerability

CVE ID : CVE-2025-8654
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReadMVGImage function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26313.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8655 - Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution

CVE ID : CVE-2025-8655
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26314.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-8656 - Kenwood DMX958XR Software Downgrade Vulnerability

CVE ID : CVE-2025-8656
Published : Aug. 6, 2025, 2:15 a.m. | 56 minutes ago
Description : Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libSystemLib library. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26355.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 02:15:00 GMT

read more

CVE-2025-32430 - XWiki Platform Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-32430
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute malicious JavaScript code in the context of the victim's session by getting the victim to visit an attacker-controlled URL. This permits the attacker to perform arbitrary actions using the permissions of the victim. This issue is fixed in versions 16.4.8, 16.10.6 and 17.3.0-rc-1. To workaround the issue, manually patch the WAR with the same changes as the original patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54124 - XWiki Platform Password Hash Disclosure Vulnerability

CVE ID : CVE-2025-54124
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can create an XClass with a database list property that references a password property. When adding an object of that XClass, the content of that password property is displayed. In practice, with a standard rights setup, this means that any user with an account on the wiki can access password hashes of all users, and possibly other password properties (with hashed or plain storage) that are on pages that the user can view. This issue is fixed in versions 16.4.7, 16.10.5 and 17.2.0-rc-1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54125 - XWiki Platform XML Export Information Disclosure Vulnerability

CVE ID : CVE-2025-54125
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can be triggered by any user with view rights on a page by appending ?xpage=xml to the URL includes password and email properties stored on a document that aren't named password or email. This is fixed in versions 16.4.7, 16.10.5 and 17.2.0-rc-1. To work around this issue, the file templates/xml.vm in the deployed WAR can be deleted if the XML isn't needed. There isn't any feature in XWiki itself that depends on the XML export.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54571 - ModSecurity HTTP Response Content-Type Header Hijacking Vulnerability

CVE ID : CVE-2025-54571
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54594 - React Native Bottom Tabs GitHub Actions Code Execution

CVE ID : CVE-2025-54594
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to be executed in a privileged context. An attacker could create a pull request containing a malicious preinstall script in the package.json file and then trigger the vulnerable workflow by posting a specific comment (!canary). This allowed for arbitrary code execution, leading to the exfiltration of sensitive secrets such as GITHUB_TOKEN and NPM_TOKEN, and could have allowed an attacker to push malicious code to the repository or publish compromised packages to the NPM registry. There is a remediation commit which removes github/workflows/release-canary.yml, but a version with this fix has yet to be released.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54801 - Fiber Ctx.BodyParser Slice Index Overflow/Exhaustion Vulnerability

CVE ID : CVE-2025-54801
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The root cause is that the decoder attempts to allocate a slice of length idx + 1 without validating whether the index is within a safe or reasonable range. If the idx is excessively large, this leads to an integer overflow or memory exhaustion, causing a panic or crash. This is fixed in version 2.52.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54869 - FPDI PDF DoS Vulnerability

CVE ID : CVE-2025-54869
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54872 - "Onion-Site-Template Tor Image Exposure Vulnerability"

CVE ID : CVE-2025-54872
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : onion-site-template is a complete, scalable tor hidden service self-hosting sample. Versions which include commit 3196bd89 contain a baked-in tor image if the secrets were copied from an existing onion domain. A website could be compromised if a user shared the baked-in image, or if someone were able to acquire access to the user's device outside of a containerized environment. This is fixed by commit bc9ba0fd.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54873 - RISC Zero RISC-V Arithmetic Overflow/Underflow

CVE ID : CVE-2025-54873
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed integer division allows multiple outputs for certain inputs with only one being valid, and division by zero results are underconstrained. This issue is fixed in risc0-zkvm version 2.2.0 and version 3.0.0 for the risc0-circuit-rv32im and risc0-circuit-rv32im-sys packages.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54876 - Janssen Project PlainText Password Storage Vulnerability

CVE ID : CVE-2025-54876
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54879 - Mastodon LDAP Rate Limiting Email Confirmation Path Bypass Vulnerability

CVE ID : CVE-2025-54879
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the email-based throttle for confirmation emails incorrectly checks the password reset path instead of the confirmation path, effectively disabling per-email limits for confirmation requests. This allows attackers to bypass rate limits by rotating IP addresses and send unlimited confirmation emails to any email address, as only a weak IP-based throttle (25 requests per 5 minutes) remains active. The vulnerability enables denial-of-service attacks that can overwhelm mail queues and facilitate user harassment through confirmation email spam. This is fixed in versions 4.2.24, 4.3.11 and 4.4.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54883 - Vision UI Security Kit Cryptographic Weakness

CVE ID : CVE-2025-54883
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged in Vision-ui <= 1.4.0) contains a critical cryptographic weakness. Due to a silent 32-bit integer overflow in its internal masking logic, the function fails to produce a uniform distribution of random numbers when the requested range between min and max is larger than 2³². The root cause is the use of a 32-bit bitwise left-shift operation (<<) to generate a bitmask for the rejection sampling algorithm. This causes the mask to be incorrect for any range requiring 32 or more bits of entropy. This issue is fixed in version 1.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

CVE-2025-54884 - Vision UI Denial of Service Vulnerability

CVE ID : CVE-2025-54884
Published : Aug. 6, 2025, 12:15 a.m. | 57 minutes ago
Description : Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to 3.5.0 (packaged in Vision UI 1.4.0 and below) are vulnerable to Denial of Service (DoS) attacks. The generateSecureId(length) function directly used the length parameter to size a Uint8Array buffer, allowing attackers to exhaust server memory through repeated requests for large IDs since the previous 1024 limit was insufficient. The getSecureRandomInt(min, max) function calculated buffer size based on the range between min and max, where large ranges caused excessive memory allocation and CPU-intensive rejection-sampling loops that could hang the thread. This issue is fixed in version 1.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 06 Aug 2025 00:15:00 GMT

read more

Fuite de données chez Bouygues Telecom

coordonnées, données contractuelles, état civil, IBAN

Wed Aug 06 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

Fuite de données chez Air France

nom, prénom, information de contact, n° et status flying blue, objet des demandes formulées

Wed Aug 06 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

CVE-2025-8571 - Concrete CMS Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-8571
Published : Aug. 5, 2025, 11:15 p.m. | 1 hour, 56 minutes ago
Description : Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session cookies or tokens, defacement of web content, redirection to malicious sites, and (if victim is an admin), the execution of unauthorized actions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Fortbridge https://fortbridge.co.uk/  for performing a penetration test and vulnerability assessment on Concrete CMS and reporting this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 23:15:00 GMT

read more

CVE-2025-8573 - Concrete CMS Stored XSS on Members Dashboard

CVE ID : CVE-2025-8573
Published : Aug. 5, 2025, 11:15 p.m. | 1 hour, 56 minutes ago
Description : Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.  Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev for reporting via HackerOne.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 23:15:00 GMT

read more

CVE-2025-52237 - SSCMS Directory Traversal Vulnerability

CVE ID : CVE-2025-52237
Published : Aug. 5, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 21:15:00 GMT

read more

CVE-2025-53534 - RatPanel Remote Code Execution and Unauthorized Access Vulnerability

CVE ID : CVE-2025-53534
Published : Aug. 5, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 21:15:00 GMT

read more

CVE-2013-10067 - Glossword Remote Code Execution (RCE) Vulnerability

CVE ID : CVE-2013-10067
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10068 - Foxit Reader Plugin Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2013-10068
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10069 - D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10069
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10070 - Apache PHP-Charts PHP Code Execution Vulnerability

CVE ID : CVE-2013-10070
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2014-125113 - Dell KACE K1000 System Management Appliance Unrestricted File Upload Vulnerability

CVE ID : CVE-2014-125113
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2025-50592 - Seacms Cross Site Scripting Vulnerability

CVE ID : CVE-2025-50592
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 57 minutes ago
Description : Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2025-51541 - Shopware Stored XSS Vulnerability

CVE ID : CVE-2025-51541
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious JavaScript. This vulnerability can be exploited via a Cross-Site Request Forgery (CSRF) attack due to the absence of CSRF protections on the POST request. An unauthenticated remote attacker can craft a malicious web page that, when visited by a victim, stores the payload persistently in the installation configuration. As a result, the payload executes whenever any user subsequently accesses the vulnerable installation page, leading to persistent client-side code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2025-52078 - Writebot AI Content Generator SaaS File Upload Privilege Escalation Vulnerability

CVE ID : CVE-2025-52078
Published : Aug. 5, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10024 - XBMC HTTP Server Path Traversal Vulnerability

CVE ID : CVE-2012-10024
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw to read arbitrary files from the host filesystem, including sensitive configuration or credential files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10025 - "WordPress Advanced Custom Fields RFI Remote Code Execution"

CVE ID : CVE-2012-10025
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server’s context, allowing full compromise of the host.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10026 - "WordPress Asset-Manager Unauthenticated Remote Code Execution Vulnerability"

CVE ID : CVE-2012-10026
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10027 - WordPress WP-Property Unauthenticated Remote File Upload Vulnerability

CVE ID : CVE-2012-10027
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10028 - Netwin SurgeFTP Command Injection

CVE ID : CVE-2012-10028
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10029 - Nagios XI Command Injection Vulnerability

CVE ID : CVE-2012-10029
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10030 - FreeFloat FTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2012-10030
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10031 - BlazeVideo HDTV Player Pro Stack-Based Buffer Overflow

CVE ID : CVE-2012-10031
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, this leads to a stack overflow and potential arbitrary code execution under the context of the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10032 - Maxthon Cross Context Scripting Vulnerability

CVE ID : CVE-2012-10032
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs, including maxthon.program.Program.launch() and maxthon.io.writeDataURL(). Exploitation requires user interaction, typically by visiting a malicious webpage that triggers the injection.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10033 - Narcissus PHP Remote Code Execution Vulnerability

CVE ID : CVE-2012-10033
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10034 - "ClanSphere File Inclusion Vulnerability"

CVE ID : CVE-2012-10034
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10035 - Turbo FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2012-10035
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10064 - ActFax Server Buffer Overflow Vulnerability

CVE ID : CVE-2013-10064
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10065 - Sysax Multi-Server SSH Denial-of-Service Vulnerability

CVE ID : CVE-2013-10065
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2013-10066 - Kordil EDMS File Upload Remote Code Execution

CVE ID : CVE-2013-10066
Published : Aug. 5, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw enables remote code execution by uploading a PHP payload and invoking it via a direct HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2012-10023 - FreeFloat FTP Server Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2012-10023
Published : Aug. 5, 2025, 8:15 p.m. | 34 minutes ago
Description : A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 20:15:00 GMT

read more

CVE-2025-45512 - DENX Software Engineering Das U-Boot Bootloader Firmware Signature Verification Bypass

CVE ID : CVE-2025-45512
Published : Aug. 5, 2025, 7:15 p.m. | 1 hour, 34 minutes ago
Description : A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 19:15:00 GMT

read more

CVE-2025-50454 - Blue Access Cobalt X1 Authentication Bypass Vulnerability

CVE ID : CVE-2025-50454
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-50688 - Apache TwistedWeb Command Injection Vulnerability

CVE ID : CVE-2025-50688
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a specially crafted HTTP PUT request to upload a malicious file (e.g., a reverse shell script). Once uploaded, the attacker can trigger the execution of arbitrary commands on the target system, allowing for remote code execution. This could lead to escalation of privileges depending on the privileges of the web server process. The attack does not require physical access and can be conducted remotely, posing a significant risk to the confidentiality and integrity of the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-51060 - CPUID cpuz.sys MSR LSTAR Hijacking Vulnerability

CVE ID : CVE-2025-51060
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respectively. Through this process, the attacker can modify MSR_LSTAR and hook KiSystemCall64. Afterward, using Return-Oriented Programming (ROP), the attacker can manipulate the stack with pre-prepared gadgets, disable the SMAP flag in the CR4 register, and execute a user-mode syscall handler in the kernel context. It has not been confirmed whether this works on 32-bit Windows, but it functions on 64-bit Windows if the core isolation feature is either absent or disabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-51627 - Agenzia Impresa Eccobook CaricaVerbale Privilege Escalation Vulnerability

CVE ID : CVE-2025-51627
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-51628 - Eccobook PdfHandler IDOR Vulnerability

CVE ID : CVE-2025-51628
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-51857 - Halo XSS Vulnerability in AttachmentReconciler Class

CVE ID : CVE-2025-51857
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-8586 - "Libav MPEG File Parser Null Pointer Dereference Vulnerability"

CVE ID : CVE-2025-8586
Published : Aug. 5, 2025, 6:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 18:15:00 GMT

read more

CVE-2025-43978 - Jointelli 5G CPE OS Command Injection Vulnerability

CVE ID : CVE-2025-43978
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 10 minutes ago
Description : Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary OS commands with root privileges via crafted inputs to the SSID, WPS, Traceroute, and Ping fields.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-43980 - FIRSTNUM JC21A-04 Default SSH Credentials Vulnerability

CVE ID : CVE-2025-43980
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 10 minutes ago
Description : An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-54253 - Adobe Experience Manager Code Execution Vulnerability

CVE ID : CVE-2025-54253
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-54254 - Adobe Experience Manager XXE File System Read Vulnerability

CVE ID : CVE-2025-54254
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-7674 - Roche Diagnostics navify Monitoring Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-7674
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server's performance. This vulnerability has no impact on data confidentiality or integrity. This issue affects navify Monitoring before 1.08.00.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-8584 - Libav AVI File Parser Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-8584
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-8585 - Libav DSS File Demuxer Double Free Vulnerability

CVE ID : CVE-2025-8585
Published : Aug. 5, 2025, 5:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 17:15:00 GMT

read more

CVE-2025-43979 - FIRSTNUM JC21A-04 Command Injection Vulnerability

CVE ID : CVE-2025-43979
Published : Aug. 5, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 16:15:00 GMT

read more

CVE-2025-46658 - "4C Strategies Exonaut ExonautWeb Information Disclosure"

CVE ID : CVE-2025-46658
Published : Aug. 5, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 16:15:00 GMT

read more

CVE-2025-27931 - PDF-XChange Editor Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-27931
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-29745 - Emsisoft Anti-Malware Net-NTLMv2 Hash Information Disclosure

CVE ID : CVE-2025-29745
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-2611 - ICTBroadcast Unauthenticated Remote Code Execution

CVE ID : CVE-2025-2611
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-44964 - BlueStacks SSL Certificate Validation Weakness - Man-in-the-Middle

CVE ID : CVE-2025-44964
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-46958 - Adobe Experience Manager Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-46958
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-47152 - PDF-XChange Editor Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-47152
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-50706 - Apache ThinkPHP Remote Code Execution Vulnerability

CVE ID : CVE-2025-50706
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-50707 - ThinkPHP3 Remote Code Execution Vulnerability

CVE ID : CVE-2025-50707
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2025-54874 - OpenJPEG Out-of-Bounds Heap Memory Write

CVE ID : CVE-2025-54874
Published : Aug. 5, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 15:15:00 GMT

read more

CVE-2024-52890 - IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-52890
Published : Aug. 5, 2025, 2:15 p.m. | 3 hours, 4 minutes ago
Description : IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 14:15:00 GMT

read more

CVE-2025-7025 - Rockwell Automation Arena Out-of-Bounds Memory Access Vulnerability

CVE ID : CVE-2025-7025
Published : Aug. 5, 2025, 2:15 p.m. | 3 hours, 4 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 14:15:00 GMT

read more

CVE-2025-7032 - Rockwell Automation Arena Memory Corruption Vulnerability

CVE ID : CVE-2025-7032
Published : Aug. 5, 2025, 2:15 p.m. | 3 hours, 4 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 14:15:00 GMT

read more

CVE-2025-7033 - Rockwell Automation Arena Memory Corruption Vulnerability

CVE ID : CVE-2025-7033
Published : Aug. 5, 2025, 2:15 p.m. | 3 hours, 4 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 14:15:00 GMT

read more

CVE-2025-54948 - Trend Micro Apex One Remote Code Execution

CVE ID : CVE-2025-54948
Published : Aug. 5, 2025, 1:15 p.m. | 4 hours, 4 minutes ago
Description : A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 13:15:00 GMT

read more

CVE-2025-54987 - Trend Micro Apex One Remote Code Execution Vulnerability

CVE ID : CVE-2025-54987
Published : Aug. 5, 2025, 1:15 p.m. | 4 hours, 4 minutes ago
Description : A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 13:15:00 GMT

read more

CVE-2025-8555 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8555
Published : Aug. 5, 2025, 10:15 a.m. | 7 hours, 3 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 10:15:00 GMT

read more

CVE-2025-8553 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8553
Published : Aug. 5, 2025, 9:15 a.m. | 8 hours, 3 minutes ago
Description : A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 09:15:00 GMT

read more

CVE-2025-8554 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8554
Published : Aug. 5, 2025, 9:15 a.m. | 8 hours, 3 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 09:15:00 GMT

read more

CVE-2025-6207 - WordPress Import Export Lite Plugin File Upload Vulnerability

CVE ID : CVE-2025-6207
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-8294 - WordPress Download Counter Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8294
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-8295 - WordPress Employee Directory Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8295
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-8551 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8551
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-8552 - Atjiu Pybbs Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8552
Published : Aug. 5, 2025, 8:15 a.m. | 9 hours, 4 minutes ago
Description : A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-2810 - Apache Key Exposure

CVE ID : CVE-2025-2810
Published : Aug. 5, 2025, 8:15 a.m. | 7 hours, 1 minute ago
Description : A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-41698 - Apache HTTP Server Command Injection Vulnerability

CVE ID : CVE-2025-41698
Published : Aug. 5, 2025, 8:15 a.m. | 7 hours ago
Description : A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-5061 - WordPress Import Export Lite Plugin Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-5061
Published : Aug. 5, 2025, 8:15 a.m. | 7 hours ago
Description : The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 3.9.29.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 08:15:00 GMT

read more

CVE-2025-7050 - Google Drive plugin for WordPress Stored Cross-Site Scripting

CVE ID : CVE-2025-7050
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability can be exploited by the lowest authentication level permitted to upload files, including unauthenticated users, once a file upload shortcode is published on a publicly accessible post.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8313 - WordPress Campus Directory Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8313
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8315 - "WordPress WP Easy Contact Stored Cross-Site Scripting"

CVE ID : CVE-2025-8315
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : The WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8548 - "Atjiu Pybbs Registered Email Handler Information Exposure Vulnerability"

CVE ID : CVE-2025-8548
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8549 - "Atjiu Pybbs Password Weakness"

CVE ID : CVE-2025-8549
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-8550 - "atjiu pybbs Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-8550
Published : Aug. 5, 2025, 7:15 a.m. | 8 hours ago
Description : A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 07:15:00 GMT

read more

CVE-2025-54982 - Zscaler SAML Authentication Signature Forgery

CVE ID : CVE-2025-54982
Published : Aug. 5, 2025, 6:15 a.m. | 9 hours ago
Description : An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 06:15:00 GMT

read more

CVE-2025-8547 - Atjiu Pybbs Email Verification Handler Remote Authorization Bypass Vulnerability

CVE ID : CVE-2025-8547
Published : Aug. 5, 2025, 6:15 a.m. | 9 hours ago
Description : A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 044f22893bee254dc2bb0d30f614913fab3c22c2. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 06:15:00 GMT

read more

CVE-2025-54868 - LibreChat Meilisearch Engine Information Disclosure

CVE ID : CVE-2025-54868
Published : Aug. 5, 2025, 5:15 a.m. | 7 hours, 51 minutes ago
Description : LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 05:15:00 GMT

read more

CVE-2025-8544 - Portabilis i-Educar Cross Site Scripting Vulnerability

CVE ID : CVE-2025-8544
Published : Aug. 5, 2025, 5:15 a.m. | 7 hours, 51 minutes ago
Description : A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 05:15:00 GMT

read more

CVE-2025-8545 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8545
Published : Aug. 5, 2025, 5:15 a.m. | 7 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 05:15:00 GMT

read more

CVE-2025-8546 - Atjiu Pybbs Captcha Guessing Vulnerability (Remote)

CVE ID : CVE-2025-8546
Published : Aug. 5, 2025, 5:15 a.m. | 7 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 05:15:00 GMT

read more

CVE-2025-8542 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8542
Published : Aug. 5, 2025, 4:16 a.m. | 8 hours, 51 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-8543 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8543
Published : Aug. 5, 2025, 4:16 a.m. | 8 hours, 51 minutes ago
Description : A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54980 - Adobe Flash Player Arbitrary Command Execution

CVE ID : CVE-2025-54980
Published : Aug. 5, 2025, 4:16 a.m. | 5 hours, 43 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54978 - Apache HTTP Server HTTP Header Injection

CVE ID : CVE-2025-54978
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 51 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54979 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-54979
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 51 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54974 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-54974
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54975 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54975
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54976 - Apache HTTP Server Unvalidated User Input Leads to Remote Command Execution

CVE ID : CVE-2025-54976
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-54977 - Microsoft Azure Storage Rejected Reason

CVE ID : CVE-2025-54977
Published : Aug. 5, 2025, 4:16 a.m. | 4 hours, 9 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 04:16:00 GMT

read more

CVE-2025-53417 - DIAView Directory Traversal Information Disclosure Vulnerability

CVE ID : CVE-2025-53417
Published : Aug. 5, 2025, 3:15 a.m. | 5 hours, 10 minutes ago
Description : DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 03:15:00 GMT

read more

CVE-2025-8540 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8540
Published : Aug. 5, 2025, 3:15 a.m. | 5 hours, 10 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 03:15:00 GMT

read more

CVE-2025-8541 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8541
Published : Aug. 5, 2025, 3:15 a.m. | 5 hours, 10 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 03:15:00 GMT

read more

CVE-2025-8539 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8539
Published : Aug. 5, 2025, 2:15 a.m. | 6 hours, 10 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 02:15:00 GMT

read more

CVE-2025-54865 - Tilesheets MediaWiki SQL Injection Vulnerability

CVE ID : CVE-2025-54865
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54870 - VTun-ng Blowfish-256 Plaintext Reversion Vulnerability

CVE ID : CVE-2025-54870
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround this issue, avoid blowfish-256.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54871 - Electron TCC Bypass

CVE ID : CVE-2025-54871
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-8535 - "Cronoh NanoVault XSS Vulnerability"

CVE ID : CVE-2025-8535
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-8537 - Axiomatic Bento4 AP4_DataBuffer Buffer Overflow

CVE ID : CVE-2025-8537
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-8538 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8538
Published : Aug. 5, 2025, 1:15 a.m. | 5 hours, 51 minutes ago
Description : A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54803 - js-toml Prototype Pollution Vulnerability

CVE ID : CVE-2025-54803
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours, 20 minutes ago
Description : js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify properties of the global Object.prototype by parsing a maliciously crafted TOML input. This is fixed in version 1.0.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54804 - Russh SSH Integer Overflow Vulnerability

CVE ID : CVE-2025-54804
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours, 20 minutes ago
Description : Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54780 - GLPI Screenshot Plugin File Disclosure and PHP Wrapper Abuse

CVE ID : CVE-2025-54780
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours ago
Description : The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. In versions below 2.0.2, authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54794 - "Claude Code Directory Traversal Vulnerability"

CVE ID : CVE-2025-54794
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours ago
Description : Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of (or ability to create) a directory with the same prefix as the CWD and the ability to add untrusted content into a Claude Code context window. This is fixed in version 0.2.111.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54795 - Claude Code Command Injection Vulnerability

CVE ID : CVE-2025-54795
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours ago
Description : Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54802 - "pyLoad Path Traversal RCE"

CVE ID : CVE-2025-54802
Published : Aug. 5, 2025, 1:15 a.m. | 4 hours ago
Description : pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-52892 - EspoCRM Double Slash URL Vulnerability (Cache Corruption)

CVE ID : CVE-2025-52892
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes (e.g https://domain//#Admin) and the webserver does not strip the double slash, it can cause a corrupted Slim router's cache. This will make the instance unusable until there is a completed rebuild. This is fixed in version 9.1.7.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-53544 - Trilium Notes Unauthenticated Brute-Force Protection Bypass Vulnerability

CVE ID : CVE-2025-53544
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. Trilium is a single-user app without a username requirement, and brute-force protection bypass makes exploitation much more feasible. Multiple features provided by Trilium (e.g. MFA, share notes, custom request handler) indicate that Trilium can be exposed to the internet. This is fixed in version 0.97.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54119 - ADOdb SQLite3 SQL Injection Vulnerability

CVE ID : CVE-2025-54119
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54130 - "Cursor Dotfile File Write RCE Vulnerability"

CVE ID : CVE-2025-54130
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the .vscode/settings.json file don't already exist in the workspace, an attacker can chain a indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54135 - Cursor Unapproved File Writing and RCE Vulnerability

CVE ID : CVE-2025-54135
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions below 1.3.9, If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive MCP files, such as the .cursor/mcp.json file don't already exist in the workspace, an attacker can chain a indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54387 - IPX Path Prefix Bypass Vulnerability

CVE ID : CVE-2025-54387
Published : Aug. 5, 2025, 1:15 a.m. | 2 hours, 20 minutes ago
Description : IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 01:15:00 GMT

read more

CVE-2025-54797 - Apache Struts Remote Code Execution

CVE ID : CVE-2025-54797
Published : Aug. 5, 2025, 12:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: This CVE is a duplicate of CVE-2025-52464.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 00:15:00 GMT

read more

CVE-2025-8534 - Libtiff tiff2ps PS_Lvl2page Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-8534
Published : Aug. 5, 2025, 12:15 a.m. | 3 hours, 20 minutes ago
Description : A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 05 Aug 2025 00:15:00 GMT

read more

Fuite de données chez Pandora

nom, adresse email

Tue Aug 05 2025 02:00:00 GMT+0200 (heure d’été d’Europe centrale)

read more

CVE-2025-8530 - Elunez Eladmin Druid Default Credentials Vulnerability

CVE ID : CVE-2025-8530
Published : Aug. 4, 2025, 11:15 p.m. | 4 hours, 20 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-46093 - LiquidFiles FTP SETUID Setgid Remote Command Execution

CVE ID : CVE-2025-46093
Published : Aug. 4, 2025, 11:15 p.m. | 3 hours, 19 minutes ago
Description : LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-46094 - LiquidFiles Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-46094
Published : Aug. 4, 2025, 11:15 p.m. | 3 hours, 19 minutes ago
Description : LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-8529 - CloudFavorites Favorites-Web SSRF Vulnerability

CVE ID : CVE-2025-8529
Published : Aug. 4, 2025, 11:15 p.m. | 3 hours, 19 minutes ago
Description : A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-27211 - EdgeMAX EdgeSwitch Command Injection Vulnerability

CVE ID : CVE-2025-27211
Published : Aug. 4, 2025, 11:15 p.m. | 1 hour, 56 minutes ago
Description : An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-27212 - Ubiquiti UniFi Access Command Injection Vulnerability

CVE ID : CVE-2025-27212
Published : Aug. 4, 2025, 11:15 p.m. | 1 hour, 56 minutes ago
Description : An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Access G2 Reader Pro (Version 1.10.32 and earlier) UniFi Access G3 Reader Pro (Version 1.10.30 and earlier) UniFi Access Intercom (Version 1.7.28 and earlier) UniFi Access G3 Intercom (Version 1.7.29 and earlier) UniFi Access Intercom Viewer (Version 1.3.20 and earlier) Mitigation: Update UniFi Access Reader Pro Version 2.15.9 or later Update UniFi Access G2 Reader Pro Version 1.11.23 or later Update UniFi Access G3 Reader Pro Version 1.11.22 or later Update UniFi Access Intercom Version 1.8.22 or later Update UniFi Access G3 Intercom Version 1.8.22 or later Update UniFi Access Intercom Viewer Version 1.4.39 or later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 23:15:00 GMT

read more

CVE-2025-4599 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)

CVE ID : CVE-2025-4599
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 57 minutes ago
Description : The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-based XSS because it allows a remote non-authenticated attacker to inject JavaScript into the fragment portlet URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-4604 - Liferay Portal/Captcha Bypass Remote Code Execution

CVE ID : CVE-2025-4604
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 and then attackers can run scripts in the Gogo shell
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-54554 - Tera Insights tiCrypt Information Disclosure

CVE ID : CVE-2025-54554
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-7844 - TPM 2.0 Stack Buffer Overflow

CVE ID : CVE-2025-7844
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or importing an RSA private or public key larger than 2048 bits and your application calls `wolfTPM2_RsaKey_TpmToWolf` on that key, then a stack buffer could be overrun. If the `MAX_RSA_KEY_BITS` build-time macro is set correctly (RSA bits match what TPM hardware is capable of) for the hardware target, then a stack overrun is not possible.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-8527 - Exrick xboot Swagger Server-Side Request Forgery (SSRF) Vulnerability

CVE ID : CVE-2025-8527
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component Swagger. The manipulation of the argument loginUrl leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-8528 - Exrick xboot Exposed Sensitive Information Cookie Storage

CVE ID : CVE-2025-8528
Published : Aug. 4, 2025, 10:15 p.m. | 2 hours, 56 minutes ago
Description : A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 22:15:00 GMT

read more

CVE-2025-50341 - Axelor SQL Injection Vulnerability

CVE ID : CVE-2025-50341
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-50754 - Unisite CMS Stored XSS

CVE ID : CVE-2025-50754
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the template editor, upload and execute a PHP web shell on the server, leading to full remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-51387 - GitKraken Desktop Node.js Code Injection Vulnerability

CVE ID : CVE-2025-51387
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-51726 - CyberGhost VPN Weak SHA-1 Signing and Predictable ASLR Vulnerability

CVE ID : CVE-2025-51726
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification mechanisms, particularly on systems without strict SmartScreen or trust policy enforcement. Additionally, the installer lacks High Entropy Address Space Layout Randomization (ASLR), as confirmed by BinSkim (BA2015 rule) and repeated WinDbg analysis. The binary consistently loads into predictable memory ranges, increasing the success rate of memory corruption exploits. These two misconfigurations, when combined, significantly lower the bar for successful supply-chain style attacks or privilege escalation through fake installers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-8525 - Exrick xboot Information Disclosure Vulnerability

CVE ID : CVE-2025-8525
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-8526 - Exrick xBoot Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-8526
Published : Aug. 4, 2025, 9:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 21:15:00 GMT

read more

CVE-2025-50340 - SOGo Webmail IDOR Email Spoofing

CVE ID : CVE-2025-50340
Published : Aug. 4, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated user is authorized to use the specified sender identity, resulting in unauthorized message delivery as another user. This can lead to impersonation, phishing, or unauthorized communication within the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 20:15:00 GMT

read more

CVE-2025-55014 - Youdao StarDict X11 Selection Information Disclosure

CVE ID : CVE-2025-55014
Published : Aug. 4, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 20:15:00 GMT

read more

CVE-2025-8523 - RiderLike Fruit Crush-Brain App Android Component Export Vulnerability

CVE ID : CVE-2025-8523
Published : Aug. 4, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 20:15:00 GMT

read more

CVE-2025-8524 - "Boquan DotWallet Android AndroidManifest.xml Component Export Vulnerability"

CVE ID : CVE-2025-8524
Published : Aug. 4, 2025, 8:15 p.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 20:15:00 GMT

read more

CVE-2025-8522 - Givanz Vvvebjs Node.js File Path Traversal Vulnerability

CVE ID : CVE-2025-8522
Published : Aug. 4, 2025, 7:15 p.m. | 5 hours, 56 minutes ago
Description : A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-21120 - Dell Avamar HTTP Permission Methods Vulnerability

CVE ID : CVE-2025-21120
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-26476 - Dell ECS Hard-coded Cryptographic Key Unauthorized Access Vulnerability

CVE ID : CVE-2025-26476
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-38741 - "Dell Enterprise SONiC OS SSH Cryptographic Key Exposure Vulnerability"

CVE ID : CVE-2025-38741
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-52239 - ZKEACMS File Upload Code Execution Vulnerability

CVE ID : CVE-2025-52239
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-53394 - Macrium Reflect Remote Code Execution Vulnerability

CVE ID : CVE-2025-53394
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted backup file and proceeds to mount it, Reflect launches the renamed executable (e.g., explorer.exe), which is under attacker control. This occurs because of insufficient validation of companion files referenced during backup mounting.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-53395 - Macrium Reflect DLL Loading Vulnerability (Local Privilege Escalation)

CVE ID : CVE-2025-53395
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by opening the .mrimgx file, Reflect loads the attacker's VSSSvr.dll after the mount completes. This occurs because of untrusted DLL search path behavior in ReflectMonitor.exe.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-8521 - Givanz Vvveb Add Type Handler Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8521
Published : Aug. 4, 2025, 7:15 p.m. | 3 hours, 51 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the component Add Type Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named b53c7161da606f512b7efcb392d6ffc708688d49/605a70f8729e4d44ebe272671cb1e43e3d6ae014. It is recommended to upgrade the affected component.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 19:15:00 GMT

read more

CVE-2025-8520 - Givanz Vvveb SSRF Vulnerability

CVE ID : CVE-2025-8520
Published : Aug. 4, 2025, 6:15 p.m. | 4 hours, 51 minutes ago
Description : A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is identified as f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2013-10052 - ZPanel Sudo Privilege Escalation Vulnerability

CVE ID : CVE-2013-10052
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. The vulnerability is particularly impactful in post-exploitation scenarios following web server compromise, where the attacker inherits access to zsudo.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2013-10054 - LibrettoCMS Unauthenticated Remote Code Execution File Upload Vulnerability

CVE ID : CVE-2013-10054
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2024-45183 - Samsung Exynos JPEG Length Check Vulnerability (Buffer Overflow)

CVE ID : CVE-2024-45183
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-34147 - Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection Vulnerability

CVE ID : CVE-2025-34147
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the extap2g SSID field is inserted unescaped into a reboot-time shell script. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root during device reboot, leading to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-46206 - Artifex mupdf Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-46206
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-51390 - TOTOLINK N600R Command Injection Vulnerability

CVE ID : CVE-2025-51390
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-8519 - Givanz Vvveb Drag-and-Drop Editor Information Disclosure Vulnerability

CVE ID : CVE-2025-8519
Published : Aug. 4, 2025, 6:15 p.m. | 2 hours, 54 minutes ago
Description : A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The identifier of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 18:15:00 GMT

read more

CVE-2025-50420 - Poppler PDF Denial of Service

CVE ID : CVE-2025-50420
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-50422 - Poppler PDF Memory Leak Information Disclosure

CVE ID : CVE-2025-50422
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory dump.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-51534 - Austrian Archaeological Institute (AI) OpenAtlas Cross-Site Scripting (XSS)

CVE ID : CVE-2025-51534
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-51535 - Austrian Archaeological Institute OpenAtlas SQL Injection Vulnerability

CVE ID : CVE-2025-51535
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-8518 - Givanz Vvveb Code Editor Remote Code Injection Vulnerability

CVE ID : CVE-2025-8518
Published : Aug. 4, 2025, 5:15 p.m. | 3 hours, 54 minutes ago
Description : A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44954 - RUCKUS SmartZone SSH Private Key Hardcoded Vulnerability

CVE ID : CVE-2025-44954
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44957 - Ruckus SmartZone Authentication Bypass Vulnerability

CVE ID : CVE-2025-44957
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44958 - RUCKUS Network Director Unencrypted Password Storage Vulnerability

CVE ID : CVE-2025-44958
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44960 - RUCKUS SmartZone OS Command Injection Vulnerability

CVE ID : CVE-2025-44960
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44961 - RUCKUS SmartZone OS Command Injection

CVE ID : CVE-2025-44961
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44962 - RUCKUS SmartZone Directory Traversal Vulnerability

CVE ID : CVE-2025-44962
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-44963 - RUCKUS Network Director JWT Spoofing Vulnerability

CVE ID : CVE-2025-44963
Published : Aug. 4, 2025, 5:15 p.m. | 1 hour, 51 minutes ago
Description : RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 17:15:00 GMT

read more

CVE-2025-38739 - Dell Digital Delivery Insufficiently Protected Credentials Information Disclosure

CVE ID : CVE-2025-38739
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-44955 - RUCKUS Network Director (RND) Hardcoded Password Root Access

CVE ID : CVE-2025-44955
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-5988 - Ansible aap-gateway CSRF Vulnerability

CVE ID : CVE-2025-5988
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-8516 - Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp Remote Path Traversal Vulnerability

CVE ID : CVE-2025-8516
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. It has been classified as problematic. Affected is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\BBCMallSite\WEB-INF\lib\Kingdee.K3.O2O.Base.WebApp.jar!\kingdee\k3\o2o\base\webapp\action\FileUploadAction.class of the component IIS-K3CloudMiniApp. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor recommends as a short-term measure to "[t]emporarily disable external network access to the Kingdee Cloud Galaxy Retail System or set up an IP whitelist for access control." The long-term remediation will be: "Install the security patch provided by the Starry Sky system, with the specific solutions being: i) Adding authentication to the vulnerable CMKAppWebHandler.ashx interface; ii) Removing the file reading function."
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-8517 - Givanz Vvveb Session Fixation Vulnerability

CVE ID : CVE-2025-8517
Published : Aug. 4, 2025, 4:15 p.m. | 2 hours, 51 minutes ago
Description : A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.7 is able to address this issue. The patch is named d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. It is recommended to upgrade the affected component.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 16:15:00 GMT

read more

CVE-2025-26065 - Intelbras RX1500 RX3000 XSS

CVE ID : CVE-2025-26065
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-30096 - Dell PowerProtect Data Domain DD OS OS Command Injection

CVE ID : CVE-2025-30096
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-30097 - Dell PowerProtect Data Domain OS Command Injection

CVE ID : CVE-2025-30097
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-30098 - Dell PowerProtect Data Domain DD OS OS Command Injection

CVE ID : CVE-2025-30098
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-30099 - Dell PowerProtect Data Domain OS Command Injection

CVE ID : CVE-2025-30099
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-36594 - Dell PowerProtect Data Domain DD OS Authentication Bypass by Spoofing Vulnerability

CVE ID : CVE-2025-36594
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-44643 - Draytek AP Series Insecure Permissions Weak Password Vulnerability

CVE ID : CVE-2025-44643
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-51536 - AI OpenAtlas Hardcoded Administrator Password Vulnerability

CVE ID : CVE-2025-51536
Published : Aug. 4, 2025, 3:15 p.m. | 3 hours, 6 minutes ago
Description : Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 15:15:00 GMT

read more

CVE-2025-36604 - Dell Unity OS Command Injection

CVE ID : CVE-2025-36604
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-36605 - Dell Unity Cross-site Scripting Vulnerability

CVE ID : CVE-2025-36605
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-36606 - Dell Unity OS Command Injection Vulnerability

CVE ID : CVE-2025-36606
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-36607 - Dell Unity OS Command Injection Vulnerability

CVE ID : CVE-2025-36607
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-8109 - NVIDIA GPU Origin Read-Only Memory Write Vulnerability

CVE ID : CVE-2025-8109
Published : Aug. 4, 2025, 2:15 p.m. | 2 hours, 51 minutes ago
Description : Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 14:15:00 GMT

read more

CVE-2025-8515 - Intelbras InControl JSON Endpoint Information Disclosure

CVE ID : CVE-2025-8515
Published : Aug. 4, 2025, 11:15 a.m. | 5 hours, 51 minutes ago
Description : A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the file /v1/operador/ of the component JSON Endpoint. The manipulation leads to information disclosure. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 11:15:00 GMT

read more

CVE-2025-0932 - Arm Ltd Bifrost GPU Userspace Driver/Arm Ltd Valhall GPU Userspace Driver/Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver: After Free Information Disclosure

CVE ID : CVE-2025-0932
Published : Aug. 4, 2025, 10:15 a.m. | 6 hours, 51 minutes ago
Description : Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to gain access to already freed memory.This issue affects Bifrost GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 10:15:00 GMT

read more

CVE-2025-6204 - DELmia Apriso Code Injection Vulnerability

CVE ID : CVE-2025-6204
Published : Aug. 4, 2025, 10:15 a.m. | 6 hours, 51 minutes ago
Description : An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 10:15:00 GMT

read more

CVE-2025-6205 - "DELmia Apriso Authorization Bypass Vulnerability"

CVE ID : CVE-2025-6205
Published : Aug. 4, 2025, 10:15 a.m. | 6 hours, 51 minutes ago
Description : A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 10:15:00 GMT

read more

CVE-2025-8341 - Grafana Infinity Datasource URL Bypass Vulnerability

CVE ID : CVE-2025-8341
Published : Aug. 4, 2025, 9:15 a.m. | 7 hours, 51 minutes ago
Description : Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 09:15:00 GMT

read more

CVE-2025-41659 - CODESYS Control PKI Folder Remote Access Vulnerability

CVE ID : CVE-2025-41659
Published : Aug. 4, 2025, 8:15 a.m. | 8 hours, 51 minutes ago
Description : A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 08:15:00 GMT

read more

CVE-2025-41691 - Siemens CODESYS Control Remote NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-41691
Published : Aug. 4, 2025, 8:15 a.m. | 8 hours, 51 minutes ago
Description : An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 08:15:00 GMT

read more

CVE-2025-41658 - CODESYS Runtime Toolkit File Permission Vulnerability (Information Disclosure)

CVE ID : CVE-2025-41658
Published : Aug. 4, 2025, 8:15 a.m. | 8 hours, 3 minutes ago
Description : CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 08:15:00 GMT

read more

CVE-2025-20700 - Airoha Bluetooth Audio SDK Privilege Escalation Vulnerability

CVE ID : CVE-2025-20700
Published : Aug. 4, 2025, 7:15 a.m. | 9 hours, 4 minutes ago
Description : In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 07:15:00 GMT

read more

CVE-2025-20701 - Airoha Bluetooth Audio SDK Remote Privilege Escalation Vulnerability

CVE ID : CVE-2025-20701
Published : Aug. 4, 2025, 7:15 a.m. | 9 hours, 4 minutes ago
Description : In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 07:15:00 GMT

read more

CVE-2025-20702 - Airoha Bluetooth RACE Protocol Privilege Escalation Vulnerability

CVE ID : CVE-2025-20702
Published : Aug. 4, 2025, 7:15 a.m. | 9 hours, 4 minutes ago
Description : In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 07:15:00 GMT

read more

CVE-2025-48499 - Fujifilm Business Innovation MFP Denial-of-Service Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-48499
Published : Aug. 4, 2025, 6:15 a.m. | 10 hours, 4 minutes ago
Description : Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 06:15:00 GMT

read more

CVE-2025-20696 - Dell Authentication Agent Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-20696
Published : Aug. 4, 2025, 2:15 a.m. | 12 hours, 53 minutes ago
Description : In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 02:15:00 GMT

read more

CVE-2025-20697 - Qualcomm Power HAL Out-of-Bounds Write Privilege Escalation

CVE ID : CVE-2025-20697
Published : Aug. 4, 2025, 2:15 a.m. | 12 hours, 53 minutes ago
Description : In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 02:15:00 GMT

read more

CVE-2025-20698 - Qualcomm Power HAL Out-of-Bounds Write Privilege Escalation

CVE ID : CVE-2025-20698
Published : Aug. 4, 2025, 2:15 a.m. | 12 hours, 53 minutes ago
Description : In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 02:15:00 GMT

read more

CVE-2025-54962 - OpenPLC Runtime File Upload Vulnerability

CVE ID : CVE-2025-54962
Published : Aug. 4, 2025, 2:15 a.m. | 12 hours, 53 minutes ago
Description : /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 04 Aug 2025 02:15:00 GMT

read more

CVE-2025-54956 - Gh R Unauthorized Information Disclosure

CVE ID : CVE-2025-54956
Published : Aug. 3, 2025, 6:15 p.m. | 20 hours, 53 minutes ago
Description : The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 18:15:00 GMT

read more

CVE-2025-8513 - Caixin News App Android Android Application Component Export Vulnerability

CVE ID : CVE-2025-8513
Published : Aug. 3, 2025, 3:15 p.m. | 23 hours, 53 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 15:15:00 GMT

read more

CVE-2025-8511 - Portabilis i-Diario Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8511
Published : Aug. 3, 2025, 2:15 p.m. | 1 day ago
Description : A vulnerability classified as problematic was found in Portabilis i-Diario 1.5.0. This vulnerability affects unknown code of the file /diario-de-observacoes/ of the component Observações. The manipulation of the argument Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 14:15:00 GMT

read more

CVE-2025-8512 - TVB Big Big Shop App Android Android Application Component Export Vulnerability

CVE ID : CVE-2025-8512
Published : Aug. 3, 2025, 2:15 p.m. | 1 day ago
Description : A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component hk.com.tvb.bigbigshop. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 14:15:00 GMT

read more

CVE-2025-8509 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8509
Published : Aug. 3, 2025, 1:15 p.m. | 23 hours, 51 minutes ago
Description : A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 13:15:00 GMT

read more

CVE-2025-8510 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8510
Published : Aug. 3, 2025, 1:15 p.m. | 23 hours, 51 minutes ago
Description : A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46. It is recommended to apply a patch to fix this issue. The vendor initially closed the original advisory without requesting a CVE.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 13:15:00 GMT

read more

CVE-2024-51775 - Apache Zeppelin Origin Validation Bypass WebSockets Vulnerability

CVE ID : CVE-2024-51775
Published : Aug. 3, 2025, 11:15 a.m. | 1 day, 1 hour ago
Description : Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.  This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 11:15:00 GMT

read more

CVE-2025-8508 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8508
Published : Aug. 3, 2025, 11:15 a.m. | 1 day, 1 hour ago
Description : A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avaliacao/descricao leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 11:15:00 GMT

read more

CVE-2025-8507 - Portabilis i-Educar Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8507
Published : Aug. 3, 2025, 10:15 a.m. | 1 day, 2 hours ago
Description : A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 10:15:00 GMT

read more

CVE-2024-52279 - Apache Zeppelin JDBC URL Validation Bypass

CVE ID : CVE-2024-52279
Published : Aug. 3, 2025, 10:15 a.m. | 1 day ago
Description : Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 10:15:00 GMT

read more

CVE-2024-41177 - Apache Zeppelin Cross-Site Scripting (CWE-80)

CVE ID : CVE-2024-41177
Published : Aug. 3, 2025, 10:15 a.m. | 23 hours, 24 minutes ago
Description : Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 10:15:00 GMT

read more

CVE-2025-8506 - wx-shop Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8506
Published : Aug. 3, 2025, 9:15 a.m. | 1 day ago
Description : A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 09:15:00 GMT

read more

CVE-2025-8505 - wx-shop Cross-Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-8505
Published : Aug. 3, 2025, 8:15 a.m. | 1 day, 1 hour ago
Description : A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 08:15:00 GMT

read more

CVE-2025-8504 - "Code-Projects Kitchen Treasure File Upload Vulnerability"

CVE ID : CVE-2025-8504
Published : Aug. 3, 2025, 8:15 a.m. | 1 day ago
Description : A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 08:15:00 GMT

read more

CVE-2025-8502 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8502
Published : Aug. 3, 2025, 7:15 a.m. | 23 hours, 47 minutes ago
Description : A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 07:15:00 GMT

read more

CVE-2025-8503 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8503
Published : Aug. 3, 2025, 7:15 a.m. | 23 hours, 47 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manipulation of the argument mname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 07:15:00 GMT

read more

CVE-2025-8501 - Human Resource Integrated System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8501
Published : Aug. 3, 2025, 6:15 a.m. | 1 day ago
Description : A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 06:15:00 GMT

read more

CVE-2025-8499 - Code-Projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8499
Published : Aug. 3, 2025, 5:15 a.m. | 1 day, 1 hour ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cusfindambulence2.php. The manipulation of the argument Search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 05:15:00 GMT

read more

CVE-2025-8500 - Code-projects Human Resource Integrated System SQL Injection Vulnerability

CVE ID : CVE-2025-8500
Published : Aug. 3, 2025, 5:15 a.m. | 1 day, 1 hour ago
Description : A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 05:15:00 GMT

read more

CVE-2025-8498 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8498
Published : Aug. 3, 2025, 4:15 a.m. | 1 day, 2 hours ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been classified as critical. This affects an unknown part of the file /cart/index.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-8497 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8497
Published : Aug. 3, 2025, 4:15 a.m. | 1 day ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /cusfindphar2.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-52131 - XWiki Mocca Calendar XSS

CVE ID : CVE-2025-52131
Published : Aug. 3, 2025, 4:15 a.m. | 20 hours, 51 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-52132 - XWiki Mocca Calendar XSS Vulnerability

CVE ID : CVE-2025-52132
Published : Aug. 3, 2025, 4:15 a.m. | 20 hours, 51 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-52133 - XWiki Mocca Calendar XSS

CVE ID : CVE-2025-52133
Published : Aug. 3, 2025, 4:15 a.m. | 20 hours, 51 minutes ago
Description : The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-8496 - Projectworlds Online Admission System SQL Injection Vulnerability

CVE ID : CVE-2025-8496
Published : Aug. 3, 2025, 4:15 a.m. | 20 hours, 51 minutes ago
Description : A vulnerability has been found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /viewform.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 04:15:00 GMT

read more

CVE-2025-8495 - Code-projects Intern Membership Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8495
Published : Aug. 3, 2025, 2:15 a.m. | 14 hours, 33 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 02:15:00 GMT

read more

CVE-2025-54351 - Iperf Buffer Overflow

CVE ID : CVE-2025-54351
Published : Aug. 3, 2025, 2:15 a.m. | 12 hours, 51 minutes ago
Description : In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).
Severity: 8.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 02:15:00 GMT

read more

CVE-2025-54349 - Iperf Heap-Based Buffer Overflow

CVE ID : CVE-2025-54349
Published : Aug. 3, 2025, 2:15 a.m. | 11 hours, 22 minutes ago
Description : In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 02:15:00 GMT

read more

CVE-2025-54350 - Iperf Base64Decode Assertion Failure Vulnerability

CVE ID : CVE-2025-54350
Published : Aug. 3, 2025, 2:15 a.m. | 11 hours, 22 minutes ago
Description : In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 02:15:00 GMT

read more

CVE-2025-54955 - OpenNebula FireEdge JWT Authentication Bypass

CVE ID : CVE-2025-54955
Published : Aug. 3, 2025, 12:15 a.m. | 12 hours, 27 minutes ago
Description : OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 00:15:00 GMT

read more

CVE-2025-8494 - Code-projects Intern Membership Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8494
Published : Aug. 3, 2025, 12:15 a.m. | 12 hours, 27 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 03 Aug 2025 00:15:00 GMT

read more

CVE-2025-23290 - NVIDIA vGPU Information Disclosure Vulnerability

CVE ID : CVE-2025-23290
Published : Aug. 2, 2025, 11:15 p.m. | 11 hours, 26 minutes ago
Description : NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2025-8493 - Code-projects Intern Membership Management System SQL Injection Vulnerability

CVE ID : CVE-2025-8493
Published : Aug. 2, 2025, 11:15 p.m. | 11 hours, 26 minutes ago
Description : A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2023-32253 - Linux Kernel ksmbd Deadlock Denial of Service Vulnerability

CVE ID : CVE-2023-32253
Published : Aug. 2, 2025, 11:15 p.m. | 9 hours, 51 minutes ago
Description : A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2023-32255 - Linux Kernel ksmbd NTLMSSP Memory Leak

CVE ID : CVE-2023-32255
Published : Aug. 2, 2025, 11:15 p.m. | 9 hours, 51 minutes ago
Description : A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2025-23284 - NVIDIA vGPU Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-23284
Published : Aug. 2, 2025, 11:15 p.m. | 9 hours, 51 minutes ago
Description : NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2025-23285 - NVIDIA vGPU Denial of Service

CVE ID : CVE-2025-23285
Published : Aug. 2, 2025, 11:15 p.m. | 9 hours, 51 minutes ago
Description : NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 23:15:00 GMT

read more

CVE-2025-23283 - NVIDIA vGPU Virtual GPU Manager Stack Buffer Overflow

CVE ID : CVE-2025-23283
Published : Aug. 2, 2025, 10:15 p.m. | 8 hours, 50 minutes ago
Description : NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23286 - NVIDIA GPU Display Driver Memory Disclosure Vulnerability

CVE ID : CVE-2025-23286
Published : Aug. 2, 2025, 10:15 p.m. | 8 hours, 50 minutes ago
Description : NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23287 - NVIDIA GPU Display Driver Windows Information Disclosure

CVE ID : CVE-2025-23287
Published : Aug. 2, 2025, 10:15 p.m. | 8 hours, 50 minutes ago
Description : NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23288 - NVIDIA GPU Display Driver for Windows Information Disclosure

CVE ID : CVE-2025-23288
Published : Aug. 2, 2025, 10:15 p.m. | 8 hours, 50 minutes ago
Description : NVIDIA GPU Display Driver for Windows contains a vulnerability  where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this vulnerability may lead to Information disclosure.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23278 - NVIDIA Display Driver Index Validation Vulnerability

CVE ID : CVE-2025-23278
Published : Aug. 2, 2025, 10:15 p.m. | 6 hours, 50 minutes ago
Description : NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering  or denial of service.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23279 - NVIDIA run Installer Privilege Escalation Vulnerability

CVE ID : CVE-2025-23279
Published : Aug. 2, 2025, 10:15 p.m. | 6 hours, 50 minutes ago
Description : NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23281 - NVIDIA GPU Display Driver for Windows Use-After-Free Vulnerability

CVE ID : CVE-2025-23281
Published : Aug. 2, 2025, 10:15 p.m. | 6 hours, 50 minutes ago
Description : NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23276 - NVIDIA Installer for Windows Privilege Escalation Vulnerability

CVE ID : CVE-2025-23276
Published : Aug. 2, 2025, 10:15 p.m. | 4 hours, 50 minutes ago
Description : NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-23277 - NVIDIA Display Driver Kernel Mode Driver Out-of-Bounds Memory Access Vulnerability

CVE ID : CVE-2025-23277
Published : Aug. 2, 2025, 10:15 p.m. | 4 hours, 50 minutes ago
Description : NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 22:15:00 GMT

read more

CVE-2025-8471 - Projectworlds Online Admission System SQL Injection

CVE ID : CVE-2025-8471
Published : Aug. 2, 2025, 7:15 p.m. | 7 hours, 51 minutes ago
Description : A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 19:15:00 GMT

read more

CVE-2025-8470 - SourceCodester Online Hotel Reservation System SQL Injection Vulnerability

CVE ID : CVE-2025-8470
Published : Aug. 2, 2025, 6:15 p.m. | 8 hours, 50 minutes ago
Description : A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 18:15:00 GMT

read more

CVE-2025-8469 - SourceCodester Online Hotel Reservation System SQL Injection Vulnerability

CVE ID : CVE-2025-8469
Published : Aug. 2, 2025, 5:15 p.m. | 9 hours, 50 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 17:15:00 GMT

read more

CVE-2025-8468 - Code-projects Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8468
Published : Aug. 2, 2025, 3:15 p.m. | 11 hours, 50 minutes ago
Description : A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 15:15:00 GMT

read more

CVE-2025-7500 - WordPress Ocean Social Sharing Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7500
Published : Aug. 2, 2025, 12:15 p.m. | 13 hours, 21 minutes ago
Description : The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 12:15:00 GMT

read more

CVE-2025-7710 - "Brave Conversion Engine WordPress Facebook Authentication Bypass"

CVE ID : CVE-2025-7710
Published : Aug. 2, 2025, 12:15 p.m. | 13 hours, 21 minutes ago
Description : The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 12:15:00 GMT

read more

CVE-2025-8467 - Code-Projects Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8467
Published : Aug. 2, 2025, 11:15 a.m. | 14 hours, 21 minutes ago
Description : A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 11:15:00 GMT

read more

CVE-2025-8488 - Elementor Header Footer Builder Unauthorized Data Modification Vulnerability

CVE ID : CVE-2025-8488
Published : Aug. 2, 2025, 10:15 a.m. | 15 hours, 21 minutes ago
Description : The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_hfe_compatibility_option_callback ()function in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the compatibility option setting.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 10:15:00 GMT

read more

CVE-2025-6722 - BitFire Security - WordPress Firewall, WAF, Bot/Spam Blocker, Login Security Sensitive Information Exposure

CVE ID : CVE-2025-6722
Published : Aug. 2, 2025, 10:15 a.m. | 12 hours, 30 minutes ago
Description : The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially sensitive files without any access restrictions. This makes it possible for unauthenticated attackers to extract sensitive data from various files like config.ini, debug.log, and more.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 10:15:00 GMT

read more

CVE-2025-6832 - WordPress All in One Time Clock Lite Reflected Cross-Site Scripting

CVE ID : CVE-2025-6832
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 30 minutes ago
Description : The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8391 - WordPress Magic Edge Lite Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8391
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 29 minutes ago
Description : The Magic Edge – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8399 - WordPress Mmm Unity Loader Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8399
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 29 minutes ago
Description : The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8400 - WordPress Image Gallery Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8400
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 29 minutes ago
Description : The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8466 - Code-projects Online Farm System SQL Injection

CVE ID : CVE-2025-8466
Published : Aug. 2, 2025, 9:15 a.m. | 13 hours, 29 minutes ago
Description : A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 09:15:00 GMT

read more

CVE-2025-8212 - Elementor Medical Addon Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8212
Published : Aug. 2, 2025, 8:15 a.m. | 14 hours, 30 minutes ago
Description : The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-8317 - WordPress Custom Word Cloud Stored Cross-Site Scripting

CVE ID : CVE-2025-8317
Published : Aug. 2, 2025, 8:15 a.m. | 14 hours, 30 minutes ago
Description : The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-4588 - WordPress 360 Photo Spheres Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4588
Published : Aug. 2, 2025, 8:15 a.m. | 13 hours, 21 minutes ago
Description : The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-6626 - ShortPixel Adaptive Images WordPress Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6626
Published : Aug. 2, 2025, 8:15 a.m. | 13 hours, 21 minutes ago
Description : The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-6754 - "WordPress SEO Metrics Privilege Escalation"

CVE ID : CVE-2025-6754
Published : Aug. 2, 2025, 8:15 a.m. | 13 hours, 21 minutes ago
Description : The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions 1.0.5 through 1.0.15. Because the AJAX action only verifies a nonce, without checking the caller’s capabilities, a subscriber-level user can retrieve the token and then access the custom endpoint to obtain full administrator cookies.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-8152 - WordPress WP CTA - Call To Action Plugin Unauthenticated Data Modification Vulnerability

CVE ID : CVE-2025-8152
Published : Aug. 2, 2025, 8:15 a.m. | 13 hours, 21 minutes ago
Description : The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 08:15:00 GMT

read more

CVE-2025-8146 - "Qi Addons For Elementor Stored Cross-Site Scripting"

CVE ID : CVE-2025-8146
Published : Aug. 2, 2025, 5:15 a.m. | 16 hours, 21 minutes ago
Description : The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 05:15:00 GMT

read more

CVE-2025-7694 - WordPress Woffice Core Plugin File Deletion Vulnerability

CVE ID : CVE-2025-7694
Published : Aug. 2, 2025, 4:15 a.m. | 17 hours, 20 minutes ago
Description : The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 04:15:00 GMT

read more

CVE-2025-6076 - Partner Software's Partner Software and Partner Web application File Upload Privilege Escalation

CVE ID : CVE-2025-6076
Published : Aug. 2, 2025, 3:15 a.m. | 18 hours, 21 minutes ago
Description : Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 03:15:00 GMT

read more

CVE-2025-6077 - Partner Software's Partner Software Product and Web Application Default Administrator Credentials Vulnerability

CVE ID : CVE-2025-6077
Published : Aug. 2, 2025, 3:15 a.m. | 18 hours, 21 minutes ago
Description : Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 03:15:00 GMT

read more

CVE-2025-6078 - Partner Software's Partner Software Stored XSS Vulnerability

CVE ID : CVE-2025-6078
Published : Aug. 2, 2025, 3:15 a.m. | 18 hours, 21 minutes ago
Description : Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 03:15:00 GMT

read more

CVE-2025-54796 - Copyparty Denial of Service (DoS) Regular Expression Injection

CVE ID : CVE-2025-54796
Published : Aug. 2, 2025, 12:15 a.m. | 18 hours, 29 minutes ago
Description : Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54790 - Apache Files SQL Injection

CVE ID : CVE-2025-54790
Published : Aug. 2, 2025, 12:15 a.m. | 17 hours, 20 minutes ago
Description : Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54789 - Apache Files Cross-Site Scripting (XSS)

CVE ID : CVE-2025-54789
Published : Aug. 2, 2025, 12:15 a.m. | 16 hours, 10 minutes ago
Description : Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54782 - Nest Devtools Integration Remote Code Execution Vulnerability

CVE ID : CVE-2025-54782
Published : Aug. 2, 2025, 12:15 a.m. | 14 hours, 9 minutes ago
Description : Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54386 - Traefik WASM Plugin Path Traversal Vulnerability

CVE ID : CVE-2025-54386
Published : Aug. 2, 2025, 12:15 a.m. | 12 hours, 8 minutes ago
Description : Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54781 - Microsoft Azure Entra ID/Intune Token Leak Vulnerability

CVE ID : CVE-2025-54781
Published : Aug. 2, 2025, 12:15 a.m. | 12 hours, 8 minutes ago
Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54133 - Cursor Model Context Protocol (MCP) UI Information Disclosure Vulnerability

CVE ID : CVE-2025-54133
Published : Aug. 2, 2025, 12:15 a.m. | 10 hours, 6 minutes ago
Description : Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When users click malicious `cursor://anysphere.cursor-deeplink/mcp/install` links, the installation dialog does not show the arguments being passed to the command being run. If a user clicks a malicious deeplink, then examines the installation dialog and clicks through, the full command including the arguments will be executed on the machine. This is fixed in version 1.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54136 - Cursor Remote Code Execution Vulnerability

CVE ID : CVE-2025-54136
Published : Aug. 2, 2025, 12:15 a.m. | 10 hours, 6 minutes ago
Description : Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's active branches of a source repository that contains existing MCP servers the user has previously approved, or allows an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution. This is fixed in version 1.3.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 02 Aug 2025 00:15:00 GMT

read more

CVE-2025-54792 - LocalSend Man-in-the-Middle Vulnerability

CVE ID : CVE-2025-54792
Published : Aug. 1, 2025, 11:15 p.m. | 11 hours, 6 minutes ago
Description : LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discovery protocol allows an unauthenticated attacker on the same local network to impersonate legitimate devices, silently intercepting, reading, and modifying any file transfer. This can be used to steal sensitive data or inject malware, like ransomware, into files shared between trusted users. The attack is hardly detectable and easy to implement, posing a severe and immediate security risk. This issue was fixed in version 1.17.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 23:15:00 GMT

read more

CVE-2025-54131 - Cursor Command Injection Bypass

CVE ID : CVE-2025-54131
Published : Aug. 1, 2025, 11:15 p.m. | 9 hours, 50 minutes ago
Description : Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). If a user has swapped Cursor from its default settings (requiring approval for every terminal call) to an allowlist, an attacker can execute arbitrary command execution outside of the allowlist without user approval. An attacker can trigger this vulnerability if chained with indirect prompt injection. This is fixed in version 1.3.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 23:15:00 GMT

read more

CVE-2025-54132 - "Cursor Mermaid Image Exfiltration Vulnerability"

CVE ID : CVE-2025-54132
Published : Aug. 1, 2025, 11:15 p.m. | 9 hours, 50 minutes ago
Description : Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) in order to exploit. In that case, it can send sensitive information to an attacker-controlled external server. This is fixed in version 1.3.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 23:15:00 GMT

read more

CVE-2025-54424 - 1Panel Remote Code Execution (RCE) via Incomplete Certificate Verification

CVE ID : CVE-2025-54424
Published : Aug. 1, 2025, 11:15 p.m. | 9 hours, 50 minutes ago
Description : 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 23:15:00 GMT

read more

CVE-2024-13978 - LibTIFF Null Pointer Dereference Vulnerability

CVE ID : CVE-2024-13978
Published : Aug. 1, 2025, 10:15 p.m. | 10 hours, 50 minutes ago
Description : A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 22:15:00 GMT

read more

CVE-2013-10063 - Netgear SPH200D Path Traversal Vulnerability

CVE ID : CVE-2013-10063
Published : Aug. 1, 2025, 9:15 p.m. | 11 hours, 50 minutes ago
Description : A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10057 - Synactis PDF In-The-Box ActiveX Control Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2013-10057
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10058 - Linksys Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10058
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the ping_size parameter during diagnostic operations. An attacker with valid credentials can inject arbitrary shell commands, enabling remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10059 - D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10059
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10060 - Netgear Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10060
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10061 - Netgear Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10061
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10062 - "Linksys Router Directory Traversal Vulnerability"

CVE ID : CVE-2013-10062
Published : Aug. 1, 2025, 9:15 p.m. | 9 hours, 50 minutes ago
Description : A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10053 - ZPanel Remote Command Execution Vulnerability

CVE ID : CVE-2013-10053
Published : Aug. 1, 2025, 9:15 p.m. | 7 hours, 1 minute ago
Description : A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system commands. Exploitation requires a valid ZPanel account—such as one in the default Users, Resellers, or Administrators groups—but no elevated privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10055 - Havalite CMS Unauthenticated Remote Code Execution File Upload Vulnerability

CVE ID : CVE-2013-10055
Published : Aug. 1, 2025, 9:15 p.m. | 7 hours, 1 minute ago
Description : An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10049 - Raidsonic NAS Command Injection Vulnerability

CVE ID : CVE-2013-10049
Published : Aug. 1, 2025, 9:15 p.m. | 5 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10050 - D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10050
Published : Aug. 1, 2025, 9:15 p.m. | 5 hours, 50 minutes ago
Description : An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10051 - InstantCMS PHP Code Execution Vulnerability

CVE ID : CVE-2013-10051
Published : Aug. 1, 2025, 9:15 p.m. | 5 hours, 50 minutes ago
Description : A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2012-10022 - Kloxo Setuid Root Privilege Escalation

CVE ID : CVE-2012-10022
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10044 - OpenEMR SQL Injection and Unrestricted File Upload Vulnerability

CVE ID : CVE-2013-10044
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10046 - Agnitum Outpost Internet Security Named Pipe Privilege Escalation Vulnerability

CVE ID : CVE-2013-10046
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10047 - MiniWeb HTTP Server Unrestricted File Upload and Privilege Escalation Vulnerability

CVE ID : CVE-2013-10047
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2013-10048 - D-Link Router OS Command Injection Vulnerability

CVE ID : CVE-2013-10048
Published : Aug. 1, 2025, 9:15 p.m. | 1 hour, 29 minutes ago
Description : An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 21:15:00 GMT

read more

CVE-2025-8472 - Alpine iLX-507 Bluetooth vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-8472
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-26316.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8473 - Alpine iLX-507 Command Injection Vulnerability

CVE ID : CVE-2025-8473
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wstpCBCUpdStart function. The issue results from the lack of proper validation of user-supplied data before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26317.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8474 - Alpine iLX-507 CarPlay Stack-based Buffer Overflow

CVE ID : CVE-2025-8474
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26318.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8475 - Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-8475
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the implementation of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26321.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8476 - Alpine iLX-507 TIDAL Certificate Validation Bypass Root RCE

CVE ID : CVE-2025-8476
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26322.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8477 - Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-8477
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26324.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-8480 - Alpine iLX-507 Tidal Music Streaming Command Injection Remote Code Execution

CVE ID : CVE-2025-8480
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours, 28 minutes ago
Description : Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tidal music streaming application. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26357.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6037 - Hashicorp Vault TLS Client Certificate Validation Bypass

CVE ID : CVE-2025-6037
Published : Aug. 1, 2025, 6:15 p.m. | 4 hours ago
Description : Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-50869 - Institute-of-Current-Students XSS

CVE ID : CVE-2025-50869
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-50870 - Institute-of-Current-Students Student Information Disclosure via Incorrect Access Control

CVE ID : CVE-2025-50870
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or permissions of the requesting user. This allows any authenticated or unauthenticated attacker to enumerate and retrieve sensitive student details by altering the email value in the request URL, leading to information disclosure.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-53009 - MaterialX Stack Exhaustion Crash Vulnerability

CVE ID : CVE-2025-53009
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-53010 - MaterialX Null Pointer Dereference Denial of Service

CVE ID : CVE-2025-53010
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-53011 - MaterialX Null Pointer Dereference

CVE ID : CVE-2025-53011
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. This is fixed in version 1.39.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-53012 - MaterialX Stack Overflow

CVE ID : CVE-2025-53012
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsing file imports, recursion is used to process nested files; however, there is no limit imposed to the depth of files that can be parsed by the library. By building a sufficiently deep chain of MaterialX files one referencing the next, it is possible to crash the process using the MaterialX library via stack exhaustion. This is fixed in version 1.39.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54564 - ChargePoint Home Flex Unvalidated Decompression Vulnerability

CVE ID : CVE-2025-54564
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54574 - Squid Heap Buffer Overflow (Remote Code Execution)

CVE ID : CVE-2025-54574
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54590 - Apache WebFinger SSRF Vulnerability

CVE ID : CVE-2025-54590
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the lookup function accepts user addresses for account checking. However, the ActivityPub specification requires preventing access to localhost services in production. This library does not prevent localhost access, only checking for hosts that start with "localhost" and end with a port. Users can exploit this by creating servers that send GET requests with controlled host, path, and port parameters to query services on the instance's host or local network, enabling blind SSRF attacks. This is fixed in version 2.8.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54593 - FreshRSS Remote Code Execution Vulnerability

CVE ID : CVE-2025-54593
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code, user data including hashed passwords can be exfiltrated, the instance can be defaced when file permissions allow. Malicious code can be inserted into the instance to steal plaintext passwords, among others. This is fixed in version 1.26.2.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-54595 - Pearcleaner Privilege Escalation Vulnerability

CVE ID : CVE-2025-54595
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, the helper is configured as a LaunchDaemon and runs with root privileges. In versions 4.4.0 through 4.5.1, the helper registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) and accepts unauthenticated connections from any local process. It exposes a method that executes arbitrary shell commands. This allows any local unprivileged user to escalate privileges to root once the helper is approved and active. This issue is fixed in version 4.5.2.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-5999 - "Vault Privileged Escalation Vulnerability"

CVE ID : CVE-2025-5999
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6000 - Apache Vault Code Execution Vulnerability

CVE ID : CVE-2025-6000
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6004 - Vault User Lockout Bypass

CVE ID : CVE-2025-6004
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6011 - HashiCorp Vault Userpass Timing Side Channel Disclosure

CVE ID : CVE-2025-6011
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6014 - Vault TOTP Secrets Engine Code Reuse Vulnerability

CVE ID : CVE-2025-6014
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-6015 - Vault Two-Factor Authentication Bypass and Token Reuse

CVE ID : CVE-2025-6015
Published : Aug. 1, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 18:15:00 GMT

read more

CVE-2025-45150 - LangChain-ChatGLM-Webui File Disclosure Vulnerability

CVE ID : CVE-2025-45150
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive files via supplying a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-45778 - The Language Sloth Web Application Stored XSS

CVE ID : CVE-2025-45778
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-48074 - OpenEXR DataWindow Size Validation Vulnerability

CVE ID : CVE-2025-48074
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance degradation when processing malicious files. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-51501 - Microweber CMS Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-51501
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-51502 - Microweber CMS Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-51502
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2025-51504 - Microweber CMS Cross Site Scripting (XSS)

CVE ID : CVE-2025-51504
Published : Aug. 1, 2025, 5:15 p.m. | 1 hour ago
Description : Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 17:15:00 GMT

read more

CVE-2019-19144 - Quantum DXi6702 XML External Entity Injection Vulnerability

CVE ID : CVE-2019-19144
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-44139 - Emlog Pro File Upload Vulnerability

CVE ID : CVE-2025-44139
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-50460 - Apache Ms-Swift Remote Code Execution (RCE)

CVE ID : CVE-2025-50460
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --run_config parameter, arbitrary code can be executed during deserialization. This can lead to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing the execution of arbitrary Python commands such as os.system(). It is recommended to upgrade PyYAML to version 5.4 or higher, and to use yaml.safe_load() to mitigate the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-50472 - Apache Spark - Deserialization Code Execution Vulnerability

CVE ID : CVE-2025-50472
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_model_meta()` function of the `ModelFileSystemCache()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized `.mdl` payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. Note that the payload file is a hidden file, making it difficult for the victim to detect tampering. More importantly, during the model training process, after the `.mdl` file is loaded and executes arbitrary code, the normal training process remains unaffected'meaning the user remains unaware of the arbitrary code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-52327 - Restaurant Order System SQL Injection

CVE ID : CVE-2025-52327
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-52361 - Lighttpd AK-Nord USB-Server-LXL Root Command Execution

CVE ID : CVE-2025-52361
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-52390 - Saurus CMS SQL Injection Vulnerability

CVE ID : CVE-2025-52390
Published : Aug. 1, 2025, 4:15 p.m. | 2 hours ago
Description : Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 16:15:00 GMT

read more

CVE-2025-45767 - Jose Weak Encryption Vulnerability

CVE ID : CVE-2025-45767
Published : Aug. 1, 2025, 3:15 p.m. | 3 hours ago
Description : jose v6.0.10 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 15:15:00 GMT

read more

CVE-2023-44976 - Shunwang Rentdrv2 EDR Process Termination Vulnerability

CVE ID : CVE-2023-44976
Published : Aug. 1, 2025, 2:15 p.m. | 4 hours ago
Description : Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 14:15:00 GMT

read more

CVE-2025-46018 - CSC Pay Mobile App Bluetooth Payment Authorization Bypass Vulnerability

CVE ID : CVE-2025-46018
Published : Aug. 1, 2025, 2:15 p.m. | 4 hours ago
Description : CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 14:15:00 GMT

read more

CVE-2025-41370 - Gandia Integra Total TESI SQL Injection Vulnerability

CVE ID : CVE-2025-41370
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41371 - Gandia Integra Total TESI SQL Injection

CVE ID : CVE-2025-41371
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb_v4/integra/html/view/acceso.php
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41372 - Gandia Integra Total TESI SQL Injection

CVE ID : CVE-2025-41372
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41373 - Gandia Integra Total TESI SQL Injection

CVE ID : CVE-2025-41373
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41374 - Gandia Integra Total TESI SQL Injection Vulnerability

CVE ID : CVE-2025-41374
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41375 - Gandia Integra Total TESI SQL Injection Vulnerability

CVE ID : CVE-2025-41375
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultaincimails.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-41376 - Gandia Integra Total TESI SQL Injection Vulnerability

CVE ID : CVE-2025-41376
Published : Aug. 1, 2025, 1:15 p.m. | 5 hours ago
Description : A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 13:15:00 GMT

read more

CVE-2025-4684 - WordPress BlockSpare Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4684
Published : Aug. 1, 2025, 12:15 p.m. | 6 hours ago
Description : The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of Image Carousel and Image Slider widgets in all versions up to, and including, 3.2.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 12:15:00 GMT

read more

CVE-2025-6228 - Sina Extension for Elementor Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6228
Published : Aug. 1, 2025, 12:15 p.m. | 6 hours ago
Description : The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Sina Posts`, `Sina Blog Post` and `Sina Table` widgets in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 12:15:00 GMT

read more

CVE-2025-6398 - ASUS AI Suite 3 Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-6398
Published : Aug. 1, 2025, 9:15 a.m. | 7 hours, 50 minutes ago
Description : A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the ' Security Update for for AI Suite 3 ' section on the ASUS Security Advisory for more information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 09:15:00 GMT

read more

CVE-2025-8443 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8443
Published : Aug. 1, 2025, 9:15 a.m. | 7 hours, 50 minutes ago
Description : A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 09:15:00 GMT

read more

CVE-2025-8441 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8441
Published : Aug. 1, 2025, 8:15 a.m. | 8 hours, 50 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 08:15:00 GMT

read more

CVE-2025-8442 - Code-projects Online Medicine Guide SQL Injection Vulnerability

CVE ID : CVE-2025-8442
Published : Aug. 1, 2025, 8:15 a.m. | 8 hours, 50 minutes ago
Description : A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 08:15:00 GMT

read more

CVE-2025-8438 - Code-Projects Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8438
Published : Aug. 1, 2025, 7:15 a.m. | 9 hours, 50 minutes ago
Description : A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the argument post leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 07:15:00 GMT

read more

CVE-2025-8439 - Wazifa System SQL Injection Vulnerability

CVE ID : CVE-2025-8439
Published : Aug. 1, 2025, 7:15 a.m. | 9 hours, 50 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of the argument Password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 07:15:00 GMT

read more

CVE-2025-7646 - Elementor Addons Stored Cross-Site Scripting

CVE ID : CVE-2025-7646
Published : Aug. 1, 2025, 7:15 a.m. | 8 hours, 19 minutes ago
Description : The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfiltered_html capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 07:15:00 GMT

read more

CVE-2025-8437 - Kitchen Treasure SQL Injection Vulnerability

CVE ID : CVE-2025-8437
Published : Aug. 1, 2025, 7:15 a.m. | 8 hours, 19 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 07:15:00 GMT

read more

CVE-2025-31716 - Cisco Bootloader Out-of-Bounds Write Denial of Service

CVE ID : CVE-2025-31716
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-54939 - LiteSpeed QUIC (LSQUIC) Library LSQUIC Engine Packet In Memory Leak

CVE ID : CVE-2025-54939
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-5921 - "SureForms WordPress Reflected Cross-Site Scripting"

CVE ID : CVE-2025-5921
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-8436 - Projectworlds Online Admission System SQL Injection Vulnerability

CVE ID : CVE-2025-8436
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-8454 - Debian Package devscripts OpenPGP Verification Bypass

CVE ID : CVE-2025-8454
Published : Aug. 1, 2025, 6:15 a.m. | 9 hours, 19 minutes ago
Description : It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 06:15:00 GMT

read more

CVE-2025-8435 - Code-projects Online Movie Streaming PHP Remote Authorization Bypass Vulnerability

CVE ID : CVE-2025-8435
Published : Aug. 1, 2025, 5:15 a.m. | 10 hours, 14 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-7725 - WordPress OpenAI Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7725
Published : Aug. 1, 2025, 5:15 a.m. | 8 hours, 56 minutes ago
Description : The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-7845 - Stratum Elementor Widgets Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-7845
Published : Aug. 1, 2025, 5:15 a.m. | 8 hours, 56 minutes ago
Description : The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-4523 - IDonate WordPress Plugin Unauthorized Data Access Vulnerability

CVE ID : CVE-2025-4523
Published : Aug. 1, 2025, 5:15 a.m. | 7 hours, 50 minutes ago
Description : The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator’s username, email address, and all donor fields.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-7443 - BerqWP Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-7443
Published : Aug. 1, 2025, 5:15 a.m. | 7 hours, 50 minutes ago
Description : The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 05:15:00 GMT

read more

CVE-2025-54846 - Apache HTTP Server HTTP Request Smuggling

CVE ID : CVE-2025-54846
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54847 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54847
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-5947 - WordPress Service Finder Bookings Privilege Escalation

CVE ID : CVE-2025-5947
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-8433 - Dell Document Management System Path Traversal Vulnerability

CVE ID : CVE-2025-8433
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-8434 - Apache Code-projects Online Movie Streaming Remote File Inclusion Vulnerability

CVE ID : CVE-2025-8434
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 49 minutes ago
Description : A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54844 - Apache Struts Command Execution

CVE ID : CVE-2025-54844
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 13 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54845 - Adobe Flash Memory Corruption Vulnerability

CVE ID : CVE-2025-54845
Published : Aug. 1, 2025, 4:16 a.m. | 8 hours, 13 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54842 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54842
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54843 - Fortinet DNS Server Insufficient Input Validation

CVE ID : CVE-2025-54843
Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2019-19145 - Quantum SuperLoader 3 Password Brute Force

CVE ID : CVE-2019-19145
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-53399 - Sipwise RTPengine RTP Stream Injection and Interception Vulnerability

CVE ID : CVE-2025-53399
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54657 - Apache Struts Command Injection

CVE ID : CVE-2025-54657
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54839 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-54839
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54840 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-54840
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-54841 - Apache Struts SQL Injection

CVE ID : CVE-2025-54841
Published : Aug. 1, 2025, 4:16 a.m. | 2 hours, 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 04:16:00 GMT

read more

CVE-2025-5954 - WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability

CVE ID : CVE-2025-5954
Published : Aug. 1, 2025, 3:15 a.m. | 3 hours, 11 minutes ago
Description : The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 03:15:00 GMT

read more

CVE-2025-8431 - PHPGurukul Boat Booking System SQL Injection Vulnerability

CVE ID : CVE-2025-8431
Published : Aug. 1, 2025, 2:15 a.m. | 4 hours, 11 minutes ago
Description : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 01 Aug 2025 02:15:00 GMT

read more

CVE-2025-48071 - OpenEXR ZIPS-packed Deep Scan-Line Heap Buffer Overflow

CVE ID : CVE-2025-48071
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-48072 - OpenEXR Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-48072
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-48073 - OpenEXR NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-48073
Published : July 31, 2025, 9:15 p.m. | 9 hours, 11 minutes ago
Description : OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. This is fixed in version 3.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2023-32251 - Linux Kernel ksmbd Dictionary Attack Bypass

CVE ID : CVE-2023-32251
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-23289 - NVIDIA Omniverse Launcher Information Disclosure Vulnerability

CVE ID : CVE-2025-23289
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-45768 - PyJWT Weak Encryption

CVE ID : CVE-2025-45768
Published : July 31, 2025, 9:15 p.m. | 7 hours, 50 minutes ago
Description : pyjwt v2.10.1 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 21:15:00 GMT

read more

CVE-2025-50572 - Archer Technology RSA Archer Code Execution Vulnerability

CVE ID : CVE-2025-50572
Published : July 31, 2025, 8:15 p.m. | 8 hours, 49 minutes ago
Description : An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-8286 - Güralp FMUS series Telnet Command Injection Vulnerability

CVE ID : CVE-2025-8286
Published : July 31, 2025, 8:15 p.m. | 8 hours, 49 minutes ago
Description : Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37108 - "HPE Telco Service Activator Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-37108
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37109 - HPE Telco Service Activator Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-37109
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37110 - HPE Telco Network Function Virtual Orchestrator Information Disclosure

CVE ID : CVE-2025-37110
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37111 - HPE Telco Network Function Virtual Orchestrator Authentication Key Storage Policy Information Disclosure

CVE ID : CVE-2025-37111
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-37112 - HPE Telco Network Function Virtual Orchestrator Key Storage Policy Information Disclosure

CVE ID : CVE-2025-37112
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-45769 - PHP JWT Weak Encryption Vulnerability

CVE ID : CVE-2025-45769
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : php-jwt v6.11.0 was discovered to contain weak encryption.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-45770 - "Auth0 JWT Weak Encryption Vulnerability"

CVE ID : CVE-2025-45770
Published : July 31, 2025, 8:15 p.m. | 6 hours, 50 minutes ago
Description : jwt v5.4.3 was discovered to contain weak encryption.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 20:15:00 GMT

read more

CVE-2025-26062 - Intelbras RX1500/3000 Unauthenticated Access to Settings File

CVE ID : CVE-2025-26062
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 19:15:00 GMT

read more

CVE-2025-26063 - Intelbras RX1500/3000 - Unauthenticated Remote Code Execution Vulnerability

CVE ID : CVE-2025-26063
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 19:15:00 GMT

read more

CVE-2025-26064 - Intelbras RX1500/RX3000 Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-26064
Published : July 31, 2025, 7:15 p.m. | 7 hours, 50 minutes ago
Description : A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 19:15:00 GMT

read more

CVE-2025-51385 - D-Link DI-8200 Buffer Overflow Vulnerability

CVE ID : CVE-2025-51385
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-51503 - Microweber CMS Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-51503
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-54832 - OPEXUS FOIAXpress Arbitrary State/Territory Modification Vulnerability

CVE ID : CVE-2025-54832
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-54833 - OPEXUS FOIAXpress Bypass Account-Lockout and CAPTCHA Protection Vulnerability

CVE ID : CVE-2025-54833
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-54834 - OPEXUS FOIAXpress Information Disclosure Vulnerability

CVE ID : CVE-2025-54834
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-8426 - Marvell QConvergeConsole Directory Traversal and Information Disclosure/DoS

CVE ID : CVE-2025-8426
Published : July 31, 2025, 6:15 p.m. | 8 hours, 49 minutes ago
Description : Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the compressConfigFiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-24915.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-51384 - D-Link DI-8200 IPsec Buffer Overflow

CVE ID : CVE-2025-51384
Published : July 31, 2025, 6:15 p.m. | 6 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2025-51383 - D-Link DI-8200 Buffer Overflow Vulnerability

CVE ID : CVE-2025-51383
Published : July 31, 2025, 6:15 p.m. | 2 hours, 49 minutes ago
Description : D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 18:15:00 GMT

read more

CVE-2024-34327 - Sielox AnyWare SQL Injection

CVE ID : CVE-2024-34327
Published : July 31, 2025, 5:15 p.m. | 3 hours, 49 minutes ago
Description : Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 17:15:00 GMT

read more

CVE-2025-50866 - CloudClassroom-PHP Project 1.0 Reflected Cross-site Scripting (XSS)

CVE ID : CVE-2025-50866
Published : July 31, 2025, 5:15 p.m. | 3 hours, 49 minutes ago
Description : CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 17:15:00 GMT

read more

CVE-2025-50867 - CloudClassroom-PHP-Project SQL Injection

CVE ID : CVE-2025-50867
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-52203 - DevaslanPHP Stored XSS

CVE ID : CVE-2025-52203
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-8409 - "Code-projects Vehicle Management SQL Injection"

CVE ID : CVE-2025-8409
Published : July 31, 2025, 4:15 p.m. | 4 hours, 49 minutes ago
Description : A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-29556 - ExaGrid EX10 Incorrect Access Control Bypass

CVE ID : CVE-2025-29556
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-46809 - SUSE Multi Linux Manager HTTP Proxy Credentials Disclosure

CVE ID : CVE-2025-46809
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-50847 - CS Cart CSRF Add Product to Comparison List

CVE ID : CVE-2025-50847
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-50848 - "CS Cart Cross-Site Scripting (XSS) File Upload Vulnerability"

CVE ID : CVE-2025-50848
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-50850 - CS Cart Brute Force Vendor Login

CVE ID : CVE-2025-50850
Published : July 31, 2025, 4:15 p.m. | 3 hours, 10 minutes ago
Description : An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 16:15:00 GMT

read more

CVE-2025-34146 - SandboxJS Prototype Pollution Vulnerability

CVE ID : CVE-2025-34146
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-50270 - AnQiCMS Stored XSS

CVE ID : CVE-2025-50270
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title, categoryTitle, and tmpTag parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-50475 - Russound MBX-PRE-D67F OS Command Injection Vulnerability

CVE ID : CVE-2025-50475
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vulnerability stems from improper neutralization of special elements used in an OS command within the network configuration handler, enabling remote code execution with the highest privileges.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-50849 - CS Cart IDOR

CVE ID : CVE-2025-50849
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-51569 - LB-Link BL-CPE300M Router Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-51569
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to inject arbitrary JavaScript, which is executed in the context of the router's origin when the crafted URL is accessed. The issue requires user interaction to exploit.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-52289 - MagnusBilling Broken Access Control Vulnerability

CVE ID : CVE-2025-52289
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-8408 - Apache Vehicle Management SQL Injection

CVE ID : CVE-2025-8408
Published : July 31, 2025, 3:15 p.m. | 4 hours, 10 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125121 - Array Networks vAPV/vxAG SSH Privilege Escalation Vulnerability

CVE ID : CVE-2014-125121
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a hardcoded DSA private key, allowing an attacker to authenticate remotely with limited privileges. Once authenticated, an attacker can overwrite the world-writable /ca/bin/monitor.sh script with arbitrary commands. Since this script is executed with elevated privileges through the backend binary, enabling the debug monitor via backend -c "debug monitor on" triggers execution of the attacker's payload as root. This allows full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125122 - Linksys WRT120N Remote Stack Buffer Overflow Vulnerability

CVE ID : CVE-2014-125122
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125123 - Kloxo SQL Injection Vulnerability

CVE ID : CVE-2014-125123
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the administrator’s password from the backend database. After recovering valid credentials, the attacker can authenticate to the Kloxo control panel and leverage the Command Center feature (display.php) to execute arbitrary operating system commands as root on the underlying host system. This vulnerability was reported to be exploited in the wild in January 2014.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125124 - Pandora FMS Anyterm Remote Command Execution

CVE ID : CVE-2014-125124
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125125 - A10 Networks AX Loadbalancer Path Traversal Vulnerability

CVE ID : CVE-2014-125125
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2014-125126 - Apache Simple E-Document Unrestricted File Upload and Authentication Bypass

CVE ID : CVE-2014-125126
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanism fails to restrict file types and does not validate or sanitize user-supplied input, allowing attackers to upload malicious .php scripts. Authentication can be bypassed entirely by supplying a specially crafted cookie (access=3), granting access to the upload functionality without valid credentials. If file uploads are enabled on the server, the attacker can upload a web shell and gain remote code execution with the privileges of the web server user, potentially leading to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2024-34328 - Sielox AnyWare Open Redirect Vulnerability

CVE ID : CVE-2024-34328
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-29557 - ExaGrid EX10 Remote Authentication Bypass

CVE ID : CVE-2025-29557
Published : July 31, 2025, 3:15 p.m. | 2 hours, 44 minutes ago
Description : ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10042 - FreeFTPd FTP PASS Command Stack-Based Buffer Overflow

CVE ID : CVE-2013-10042
Published : July 31, 2025, 3:15 p.m. | 2 hours, 12 minutes ago
Description : A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10043 - OAstium VoIP PBX Remote Code Execution Vulnerability

CVE ID : CVE-2013-10043
Published : July 31, 2025, 3:15 p.m. | 2 hours, 12 minutes ago
Description : A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10033 - Kimai SQL Injection Remote Code Execution

CVE ID : CVE-2013-10033
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10034 - Kaseya KServer Unauthenticated File Upload Remote Code Execution Vulnerability

CVE ID : CVE-2013-10034
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10035 - ProcessMaker Code Injection Vulnerability

CVE ID : CVE-2013-10035
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPage_Ajax.php, and cases_SchedulerGetPlugins.php, by supplying crafted POST requests to parameters such as action and params. These endpoints fail to validate user input and directly invoke PHP functions like system() with user-supplied parameters, enabling remote code execution. The vulnerability affects both Linux and Windows installations and is present in default configurations of versions including 2.0.23 through 2.5.1. The vulnerable skin cannot be removed through the web interface, and exploitation requires only valid user credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10036 - Beetel Connection Manager Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2013-10036
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10037 - WebTester OS Command Injection Vulnerability

CVE ID : CVE-2013-10037
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10038 - FlashChat Arbitrary File Upload Vulnerability

CVE ID : CVE-2013-10038
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10039 - GestioIP Command Injection Vulnerability

CVE ID : CVE-2013-10039
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2013-10040 - ClipBucket Remote Code Execution Vulnerability

CVE ID : CVE-2013-10040
Published : July 31, 2025, 3:15 p.m. | 43 minutes ago
Description : ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 31 Jul 2025 15:15:00 GMT

read more

CVE-2025-54589 - Copyparty Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-54589
Published : July 31, 2025, 2:15 p.m. | 49 minutes ago
Description : Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a `